Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SecuriteInfo.com.Trojan.GenericKD.72635636.21001.25815.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\ExternalUICleaner.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\New

MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\PrepareDlgProgress.gif

GIF image data, version 89a, 83 x 28

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\ProgressImage.png

PNG image data, 121 x 14, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\ShortcutFlags.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\Up

MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\applogoicon.bmp

PC bitmap, Windows 3.x format, 60 x 60 x 32, cbSize 14454, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\backbutton

PNG image data, 624 x 37, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\backbutton.xaml

HTML document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\background

PC bitmap, Windows 3.x format, 5 x 5 x 32, image size 100, resolution 3780 x 3780 px/m, cbSize 154, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\backgroundprepare

PC bitmap, Windows 3.x format, 5 x 5 x 32, image size 100, resolution 3780 x 3780 px/m, cbSize 154, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\backgroundsurface

PC bitmap, Windows 3.x format, 5 x 5 x 32, image size 100, resolution 3780 x 3780 px/m, cbSize 154, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\browsebutton

PNG image data, 168 x 26, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\browsebutton.xaml

HTML document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\checkbox

PNG image data, 192 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\checkbox_for_ctrls

PNG image data, 192 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\checkbox_for_list_ctrls

PNG image data, 32 x 16, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\cmdlinkarrow

MS Windows icon resource - 3 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\completi

MS Windows icon resource - 2 icons, 48x48, 8 bits/pixel, 48x48, 32 bits/pixel

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\custicon

MS Windows icon resource - 5 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\exclamic

PNG image data, 50 x 69, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_bottom_left.bmp

PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 12, resolution 2835 x 2835 px/m, cbSize 66, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_bottom_left_inactive.bmp

PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 12, resolution 2835 x 2835 px/m, cbSize 66, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_bottom_mid.bmp

PC bitmap, Windows 3.x format, 3 x 1 x 24, image size 12, resolution 2835 x 2835 px/m, cbSize 66, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_bottom_mid_inactive.bmp

PC bitmap, Windows 3.x format, 3 x 1 x 24, image size 12, resolution 2835 x 2835 px/m, cbSize 66, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_bottom_right.bmp

PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 12, resolution 2835 x 2835 px/m, cbSize 66, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_bottom_right_inactive.bmp

PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 12, resolution 2835 x 2835 px/m, cbSize 66, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_caption.bmp

PC bitmap, Windows 3.x format, 1 x 38 x 24, image size 152, resolution 3778 x 3778 px/m, cbSize 206, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_caption_inactive.bmp

PC bitmap, Windows 3.x format, 1 x 38 x 24, image size 152, resolution 3778 x 3778 px/m, cbSize 206, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_left.bmp

PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 12, resolution 2835 x 2835 px/m, cbSize 66, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_left_inactive.bmp

PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 12, resolution 2835 x 2835 px/m, cbSize 66, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_right.bmp

PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 12, resolution 2835 x 2835 px/m, cbSize 66, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_right_inactive.bmp

PC bitmap, Windows 3.x format, 1 x 3 x 24, image size 12, resolution 2835 x 2835 px/m, cbSize 66, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_top_left.bmp

PC bitmap, Windows 3.x format, 1 x 25 x 24, image size 100, resolution 2835 x 2835 px/m, cbSize 154, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_top_left_inactive.bmp

PC bitmap, Windows 3.x format, 1 x 25 x 24, image size 100, resolution 2835 x 2835 px/m, cbSize 154, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_top_mid.bmp

PC bitmap, Windows 3.x format, 3 x 1 x 24, image size 12, resolution 2835 x 2835 px/m, cbSize 66, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_top_mid_inactive.bmp

PC bitmap, Windows 3.x format, 3 x 1 x 24, image size 12, resolution 2835 x 2835 px/m, cbSize 66, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_top_right.bmp

PC bitmap, Windows 3.x format, 1 x 25 x 24, image size 100, resolution 2835 x 2835 px/m, cbSize 154, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\frame_top_right_inactive.bmp

PC bitmap, Windows 3.x format, 1 x 25 x 24, image size 100, resolution 2835 x 2835 px/m, cbSize 154, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\info

PNG image data, 50 x 69, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\installlogoicon

MS Windows icon resource - 5 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\insticon

MS Windows icon resource - 3 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\lzmaextractor.dll

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\metrobuttonimage

PNG image data, 624 x 37, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\metrobuttonimage.xaml

HTML document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\metroinstallbutton

PNG image data, 1020 x 54, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\metroinstallbutton.xaml

HTML document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\metrorunapplicationbutton

PNG image data, 732 x 163, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\metrorunapplicationbutton.xaml

ASCII text, with very long lines (373), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\modify.png

PNG image data, 732 x 163, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\modify.png.xaml

ASCII text, with very long lines (383), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\nextcancelbuttons

PNG image data, 624 x 37, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\nextcancelbuttons.xaml

HTML document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\optionslogoicon

MS Windows icon resource - 3 icons, 48x48, 8 bits/pixel, 48x48, 32 bits/pixel

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\print.png

PNG image data, 222 x 37, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\print.png.xaml

HTML document, ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\printico

MS Windows icon resource - 2 icons, 32x32, 8 bits/pixel, 32x32, 32 bits/pixel

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\remove.png

PNG image data, 732 x 163, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\remove.png.xaml

ASCII text, with very long lines (379), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\removico

MS Windows icon resource - 5 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\repair.png

PNG image data, 732 x 163, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\repair.png.xaml

ASCII text, with very long lines (584), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\repairic

MS Windows icon resource - 4 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\runapplicationbutton

PNG image data, 432 x 72, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\sys_close_down.png

PNG image data, 28 x 26, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\sys_close_hot.png

PNG image data, 28 x 26, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\sys_close_inactive.png

PNG image data, 28 x 26, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\sys_close_normal.png

PNG image data, 28 x 26, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\sys_min_down.png

PNG image data, 28 x 26, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\sys_min_hot.png

PNG image data, 28 x 26, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\sys_min_inactive.png

PNG image data, 28 x 26, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\sys_min_normal.png

PNG image data, 28 x 26, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\viewreadmebutton

PNG image data, 732 x 163, 8-bit/color RGBA, non-interlaced

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\viewreadmebutton.xaml

ASCII text, with very long lines (387), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\waitlogoicon

MS Windows icon resource - 2 icons, 48x48, 8 bits/pixel, 48x48, 32 bits/pixel

dropped

C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_7284\whitebackground

JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 400x300, components 3

dropped

C:\Users\user\AppData\Local\Temp\MSI772.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\MSI7F0.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\MSI82F.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\MSI850.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\MSI870.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\MSI880.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\MSI8A1.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\MSI92E.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\MSIB14.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\MSIB53.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\shi55E.tmp

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Roaming\Microsoft\Outlook 24.9\install\550CEA2\?? 02 - ??.msi

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 936, Revision Number: {D50A0C29-3B68-4483-AA7D-3507B07E5BB7}, Number of Words: 0, Subject: Outlook, Author: Microsoft, Name of Creating Application: Outlook, Template: ;2052, Comments: Outlook , Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Thu Jan 25 08:08:36 2024, Number of Pages: 200

dropped

C:\Users\user\AppData\Roaming\Microsoft\Outlook 24.9\install\550CEA2\?? 02 - ??.x64.msi

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 936, Revision Number: {04B12AD4-B137-456D-BCD0-722D8223EA45}, Number of Words: 0, Subject: Outlook, Author: Microsoft, Name of Creating Application: Outlook, Template: x64;2052, Comments: Outlook , Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Thu Jan 25 08:08:37 2024, Number of Pages: 200

dropped

C:\Users\user\AppData\Roaming\Microsoft\Outlook 24.9\install\holder0.aiph

data

dropped

There are 81 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72635636.21001.25815.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72635636.21001.25815.exe"

Details

Is windows:	false
Is dropped:	false
PID:	7284
Target ID:	0
Parent PID:	1028
Name:	SecuriteInfo.com.Trojan.GenericKD.72635636.21001.25815.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72635636.21001.25815.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.72635636.21001.25815.exe"
Size:	12568744
MD5:	FE41BA6E49587E644575CC3E63BBEC57
Time:	05:27:00
Date:	31/08/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0xe80000
Modulesize:	3497984
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Uses 32bit PE files	Compliance, System Summary
Found strings which match to known social media urls	Networking
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
PE file contains a valid data directory to section mapping	System Summary
Binary contains paths to debug symbols	Compliance, System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a big raw section	System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
PE file has a big code size	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Windows\System32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

Details

Is windows:	true
Is dropped:	false
PID:	7392
Target ID:	2
Parent PID:	632
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Windows\System32\msiexec.exe
Commandline:	C:\Windows\system32\msiexec.exe /V
Size:	69632
MD5:	E5DA170027542E25EDE42FC54C929077
Time:	05:27:01
Date:	31/08/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff618720000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 0E4E2BFC58A5D03AC826880BF5326FF0 C

Details

Is windows:	true
Is dropped:	false
PID:	7472
Target ID:	3
Parent PID:	7392
Name:	msiexec.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\msiexec.exe
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding 0E4E2BFC58A5D03AC826880BF5326FF0 C
Size:	59904
MD5:	9D09DC1EDA745A5F87553048E57620CF
Time:	05:27:02
Date:	31/08/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x3a0000
Modulesize:	73728
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0

unknown

http://html4/loose.dtd

unknown

http://ocsp.sectigo.com00

unknown

https://sectigo.com/CPS0

unknown

http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#

unknown

http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0

unknown

http://ocsp.sectigo.com0

unknown

http://.css

unknown

http://.jpg

unknown

http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#

unknown

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
Value name:	Blob
Value data:	04 00 00 00 01 00 00 00 10 00 00 00 49 79 04 B0 EB 87 19 AC 47 B0 BC 11 51 9B 74 D0 0F 00 00 00 01 00 00 00 14 00 00 00 3E 8E 64 87 F8 FD 27 D3 22 A2 69 A7 1E DA AC 5D 57 81 12 86 09 00 00 00 01 00 00 00 54 00 00 00 30 52 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 0A 2B 06 01 04 01 82 37 0A 03 04 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 06 06 08 2B 06 01 05 05 07 03 07 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 53 00 00 00 01 00 00 00 43 00 00 00 30 41 30 22 06 0C 2B 06 01 04 01 B2 31 01 02 01 05 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 1B 06 05 67 81 0C 01 03 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 62 00 00 00 01 00 00 00 20 00 00 00 D7 A7 A0 FB 5D 7E 27 31 D7 71 E9 48 4E BC DE F7 1D 5F 0C 3E 0A 29 48 78 2B C8 3E E0 EA 69 9E F4 0B 00 00 00 01 00 00 00 1C 00 00 00 53 00 65 00 63 00 74 00 69 00 67 00 6F 00 20 00 28 00 41 00 41 00 41 00 29 00 00 00 14 00 00 00 01 00 00 00 14 00 00 00 A0 11 0A 23 3E 96 F1 07 EC E2 AF 29 EF 82 A5 7F D0 30 A4 B4 1D 00 00 00 01 00 00 00 10 00 00 00 2E 0D 68 75 87 4A 44 C8 20 91 2E 85 E9 64 CF DB 03 00 00 00 01 00 00 00 14 00 00 00 D1 EB 23 A4 6D 17 D6 8F D9 25 64 C2 F1 F1 60 17 64 D8 E3 49 19 00 00 00 01 00 00 00 10 00 00 00 2A A1 C0 5E 2A E6 06 F1 98 C2 C5 E9 37 C9 7A A2 20 00 00 00 01 00 00 00 36 04 00 00 30 82 04 32 30 82 03 1A A0 03 02 01 02 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 7B 31 0B 30 09 06 03 55 04 06 13 02 47 42 31 1B 30 19 06 03 55 04 08 0C 12 47 72 65 61 74 65 72 20 4D 61 6E 63 68 65 73 74 65 72 31 10 30 0E 06 03 55 04 07 0C 07 53 61 6C 66 6F 72 64 31 1A 30 18 06 03 55 04 0A 0C 11 43 6F 6D 6F 64 6F 20 43 41 20 4C 69 6D 69 74 65 64 31 21 30 1F 06 03 55 04 03 0C 18 41 41 41 20 43 65 72 74 69 66 69 63 61 74 65 20 53 65 72 76 69 63 65 73 30 1E 17 0D 30 34 30 31 30 31 30 30 30 30 30 30 5A 17 0D 32 38 31 32 33 31 32 33 35 39 35 39 5A 30 7B 31 0B 30 09 06 03 55 04 06 13 02 47 42 31 1B 30 19 06 03 55 04 08 0C 12 47 72 65 61 74 65 72 20 4D 61 6E 63 68 65 73 74 65 72 31 10 30 0E 06 03 55 04 07 0C 07 53 61 6C 66 6F 72 64 31 1A 30 18 06 03 55 04 0A 0C 11 43 6F 6D 6F 64 6F 20 43 41 20 4C 69 6D 69 74 65 64 31 21 30 1F 06 03 55 04 03 0C 18 41 41 41 20 43 65 72 74 69 66 69 63 61 74 65 20 53 65 72 76 69 63 65 73 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 BE 40 9D F4 6E E1 EA 76 87 1C 4D 45 44 8E BE 46 C8 83 06 9D C1 2A FE 18 1F 8E E4 02 FA F3 AB 5D 50 8A 16 31 0B 9A 06 D0 C5 70 22 CD 49 2D 54 63 CC B6 6E 68 46 0B 53 EA CB 4C 24 C0 BC 72 4E EA F1 15 AE F4 54 9A 12 0A C3 7A B2 33 60 E2 DA 89 55 F3 22 58 F3 DE DC CF EF 83 86 A2 8C 94 4F 9F 68 F2 98 90 46 84 27 C7 76 BF E3 CC 35 2C 8B 5E 07 64 65 82 C0 48 B0 A8 91 F9 61 9F 76 20 50 A8 91 C7 66 B5 EB 78 62 03 56 F0 8A 1A 13 EA 31 A3 1E A0 99 FD 38 F6 F6 27 32 58 6F 07 F5 6B B8 FB 14 2B AF B7 AA CC D6 63 5F 73 8C DA 05 99 A8 38 A8 CB 17 78 36 51 AC E9 9E F4 78 3A 8D CF 0F D9 42 E2 98 0C AB 2F 9F 0E 01 DE EF 9F 99 49 F1 2D DF AC 74 4D 1B 98 B5 47 C5 E5 29 D1 F9 90 18 C7 62 9C BE 83 C7 26 7B 3E 8A 25 C7 C0 DD 9D E6 35 68 10 20 9D 8F D8 DE D2 C3 84 9C 0D 5E E8 2F C9 02 03 01 00 01 A3 81 C0 30 81 BD 30 1D 06 03 55 1D 0E 04 16 04 14 A0 11 0A 23 3E 96 F1 07 EC E2 AF 29 EF 82 A5 7F D0 30 A4 B4 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 01 06 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 7B 06 03 55 1D 1F 04 74 30 72 30 38 A0 36 A0 34 86 32 68 74 74 70 3A 2F 2F 63 72 6C 2E 63 6F 6D 6F 64 6F 63 61 2E 63 6F 6D 2F 41 41 41 43 65 72 74 69 66 69 63 61 74 65 53 65 72 76 69 63 65 73 2E 63 72 6C 30 36 A0 34 A0 32 86 30 68 74 74 70 3A 2F 2F 63 72 6C 2E 63 6F 6D 6F 64 6F 2E 6E 65 74 2F 41 41 41 43 65 72 74 69 66 69 63 61 74 65 53 65 72 76 69 63 65 73 2E 63 72 6C 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 08 56 FC 02 F0 9B E8 FF A4 FA D6 7B C6 44 80 CE 4F C4 C5 F6 00 58 CC A6 B6 BC 14 49 68 04 76 E8 E6 EE 5D EC 02 0F 60 D6 8D 50 18 4F 26 4E 01 E3 E6 B0 A5 EE BF BC 74 54 41 BF FD FC 12 B8 C7 4F 5A F4 89 60 05 7F 60 B7 05 4A F3 F6 F1 C2 BF C4 B9 74 86 B6 2D 7D 6B CC D2 F3 46 DD 2F C6 E0 6A C3 C3 34 03 2C 7D 96 DD 5A C2 0E A7 0A 99 C1 05 8B AB 0C 2F F3 5C 3A CF 6C 37 55 09 87 DE 53 40 6C 58 EF FC B6 AB 65 6E 04 F6 1B DC 3C E0 5A 15 C6 9E D9 F1 59 48 30 21 65 03 6C EC E9 21 73 EC 9B 03 A1 E0 37 AD A0 15 18 8F FA BA 02 CE A7 2C A9 10 13 2C D4 E5 08 26 AB 22 97 60 F8 90 5E 74 D4 A2 9A 53 BD F2 A9 68 E0 A2 6E C2 D7 6C B1 A3 0F 9E BF EB 68 E7 56 F2 AE F2 E3 2B 38 3A 09 81 B5 6B 85 D7 BE 2D ED 3F 1A B7 B2 63 E2 F5 62 2C 82 D4 6A 00 41 50 F1 39 83 9F 95 E9 36 96 98 6E

Signature Hits	Behavior Group	Mitre Attack
Adds / modifies Windows certificates	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
Value name:	Blob
Value data:	5C 00 00 00 01 00 00 00 04 00 00 00 00 08 00 00 19 00 00 00 01 00 00 00 10 00 00 00 2A A1 C0 5E 2A E6 06 F1 98 C2 C5 E9 37 C9 7A A2 03 00 00 00 01 00 00 00 14 00 00 00 D1 EB 23 A4 6D 17 D6 8F D9 25 64 C2 F1 F1 60 17 64 D8 E3 49 1D 00 00 00 01 00 00 00 10 00 00 00 2E 0D 68 75 87 4A 44 C8 20 91 2E 85 E9 64 CF DB 14 00 00 00 01 00 00 00 14 00 00 00 A0 11 0A 23 3E 96 F1 07 EC E2 AF 29 EF 82 A5 7F D0 30 A4 B4 0B 00 00 00 01 00 00 00 1C 00 00 00 53 00 65 00 63 00 74 00 69 00 67 00 6F 00 20 00 28 00 41 00 41 00 41 00 29 00 00 00 62 00 00 00 01 00 00 00 20 00 00 00 D7 A7 A0 FB 5D 7E 27 31 D7 71 E9 48 4E BC DE F7 1D 5F 0C 3E 0A 29 48 78 2B C8 3E E0 EA 69 9E F4 53 00 00 00 01 00 00 00 43 00 00 00 30 41 30 22 06 0C 2B 06 01 04 01 B2 31 01 02 01 05 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 1B 06 05 67 81 0C 01 03 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 09 00 00 00 01 00 00 00 54 00 00 00 30 52 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 0A 2B 06 01 04 01 82 37 0A 03 04 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 06 06 08 2B 06 01 05 05 07 03 07 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 0F 00 00 00 01 00 00 00 14 00 00 00 3E 8E 64 87 F8 FD 27 D3 22 A2 69 A7 1E DA AC 5D 57 81 12 86 04 00 00 00 01 00 00 00 10 00 00 00 49 79 04 B0 EB 87 19 AC 47 B0 BC 11 51 9B 74 D0 20 00 00 00 01 00 00 00 36 04 00 00 30 82 04 32 30 82 03 1A A0 03 02 01 02 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 7B 31 0B 30 09 06 03 55 04 06 13 02 47 42 31 1B 30 19 06 03 55 04 08 0C 12 47 72 65 61 74 65 72 20 4D 61 6E 63 68 65 73 74 65 72 31 10 30 0E 06 03 55 04 07 0C 07 53 61 6C 66 6F 72 64 31 1A 30 18 06 03 55 04 0A 0C 11 43 6F 6D 6F 64 6F 20 43 41 20 4C 69 6D 69 74 65 64 31 21 30 1F 06 03 55 04 03 0C 18 41 41 41 20 43 65 72 74 69 66 69 63 61 74 65 20 53 65 72 76 69 63 65 73 30 1E 17 0D 30 34 30 31 30 31 30 30 30 30 30 30 5A 17 0D 32 38 31 32 33 31 32 33 35 39 35 39 5A 30 7B 31 0B 30 09 06 03 55 04 06 13 02 47 42 31 1B 30 19 06 03 55 04 08 0C 12 47 72 65 61 74 65 72 20 4D 61 6E 63 68 65 73 74 65 72 31 10 30 0E 06 03 55 04 07 0C 07 53 61 6C 66 6F 72 64 31 1A 30 18 06 03 55 04 0A 0C 11 43 6F 6D 6F 64 6F 20 43 41 20 4C 69 6D 69 74 65 64 31 21 30 1F 06 03 55 04 03 0C 18 41 41 41 20 43 65 72 74 69 66 69 63 61 74 65 20 53 65 72 76 69 63 65 73 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 BE 40 9D F4 6E E1 EA 76 87 1C 4D 45 44 8E BE 46 C8 83 06 9D C1 2A FE 18 1F 8E E4 02 FA F3 AB 5D 50 8A 16 31 0B 9A 06 D0 C5 70 22 CD 49 2D 54 63 CC B6 6E 68 46 0B 53 EA CB 4C 24 C0 BC 72 4E EA F1 15 AE F4 54 9A 12 0A C3 7A B2 33 60 E2 DA 89 55 F3 22 58 F3 DE DC CF EF 83 86 A2 8C 94 4F 9F 68 F2 98 90 46 84 27 C7 76 BF E3 CC 35 2C 8B 5E 07 64 65 82 C0 48 B0 A8 91 F9 61 9F 76 20 50 A8 91 C7 66 B5 EB 78 62 03 56 F0 8A 1A 13 EA 31 A3 1E A0 99 FD 38 F6 F6 27 32 58 6F 07 F5 6B B8 FB 14 2B AF B7 AA CC D6 63 5F 73 8C DA 05 99 A8 38 A8 CB 17 78 36 51 AC E9 9E F4 78 3A 8D CF 0F D9 42 E2 98 0C AB 2F 9F 0E 01 DE EF 9F 99 49 F1 2D DF AC 74 4D 1B 98 B5 47 C5 E5 29 D1 F9 90 18 C7 62 9C BE 83 C7 26 7B 3E 8A 25 C7 C0 DD 9D E6 35 68 10 20 9D 8F D8 DE D2 C3 84 9C 0D 5E E8 2F C9 02 03 01 00 01 A3 81 C0 30 81 BD 30 1D 06 03 55 1D 0E 04 16 04 14 A0 11 0A 23 3E 96 F1 07 EC E2 AF 29 EF 82 A5 7F D0 30 A4 B4 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 01 06 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 7B 06 03 55 1D 1F 04 74 30 72 30 38 A0 36 A0 34 86 32 68 74 74 70 3A 2F 2F 63 72 6C 2E 63 6F 6D 6F 64 6F 63 61 2E 63 6F 6D 2F 41 41 41 43 65 72 74 69 66 69 63 61 74 65 53 65 72 76 69 63 65 73 2E 63 72 6C 30 36 A0 34 A0 32 86 30 68 74 74 70 3A 2F 2F 63 72 6C 2E 63 6F 6D 6F 64 6F 2E 6E 65 74 2F 41 41 41 43 65 72 74 69 66 69 63 61 74 65 53 65 72 76 69 63 65 73 2E 63 72 6C 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 08 56 FC 02 F0 9B E8 FF A4 FA D6 7B C6 44 80 CE 4F C4 C5 F6 00 58 CC A6 B6 BC 14 49 68 04 76 E8 E6 EE 5D EC 02 0F 60 D6 8D 50 18 4F 26 4E 01 E3 E6 B0 A5 EE BF BC 74 54 41 BF FD FC 12 B8 C7 4F 5A F4 89 60 05 7F 60 B7 05 4A F3 F6 F1 C2 BF C4 B9 74 86 B6 2D 7D 6B CC D2 F3 46 DD 2F C6 E0 6A C3 C3 34 03 2C 7D 96 DD 5A C2 0E A7 0A 99 C1 05 8B AB 0C 2F F3 5C 3A CF 6C 37 55 09 87 DE 53 40 6C 58 EF FC B6 AB 65 6E 04 F6 1B DC 3C E0 5A 15 C6 9E D9 F1 59 48 30 21 65 03 6C EC E9 21 73 EC 9B 03 A1 E0 37 AD A0 15 18 8F FA BA 02 CE A7 2C A9 10 13 2C D4 E5 08 26 AB 22 97 60 F8 90 5E 74 D4 A2 9A 53 BD F2 A9 68 E0 A2 6E C2 D7 6C B1 A3 0F 9E BF EB 68 E7 56 F2 AE F2 E3 2B 38 3A 09 81 B5 6B 85 D7 BE 2D ED 3F 1A B7 B2 63 E2 F5 62 2C 82 D4 6A 00 41 50 F1 39 83 9F 95 E9 36 96 98 6E

Signature Hits	Behavior Group	Mitre Attack
Adds / modifies Windows certificates	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools

Memdumps

Base Address

Regiontype

Protect

Malicious

C63000

heap

page read and write

577B000

heap

page read and write

577D000

heap

page read and write

56BF000

heap

page read and write

577D000

heap

page read and write

577D000

heap

page read and write

572A000

heap

page read and write

5726000

heap

page read and write

3EB1000

heap

page read and write

5760000

heap

page read and write

5735000

heap

page read and write

5726000

heap

page read and write

56D8000

heap

page read and write

577D000

heap

page read and write

C57000

heap

page read and write

CE0000

heap

page read and write

AD0000

heap

page read and write

56E0000

heap

page read and write

5BD0000

heap

page read and write

5731000

heap

page read and write

56D8000

heap

page read and write

C6C000

heap

page read and write

56BC000

heap

page read and write

3EA1000

heap

page read and write

577D000

heap

page read and write

577D000

heap

page read and write

56C3000

heap

page read and write

56CB000

heap

page read and write

5970000

trusted library allocation

page read and write

5760000

heap

page read and write

2D20000

heap

page read and write

5759000

heap

page read and write

577B000

heap

page read and write

56BF000

heap

page read and write

56E0000

heap

page read and write

3EAA000

heap

page read and write

5971000

trusted library allocation

page read and write

575D000

heap

page read and write

56B3000

heap

page read and write

575D000

heap

page read and write

5971000

trusted library allocation

page read and write

C83000

heap

page read and write

56B6000

heap

page read and write

56CB000

heap

page read and write

3E71000

heap

page read and write

56BF000

heap

page read and write

3EA2000

heap

page read and write

56DC000

heap

page read and write

577B000

heap

page read and write

3E9E000

heap

page read and write

5731000

heap

page read and write

577B000

heap

page read and write

574C000

heap

page read and write

5759000

heap

page read and write

5BEE000

heap

page read and write

CCB000

heap

page read and write

577B000

heap

page read and write

BD0000

heap

page read and write

1178000

unkown

page write copy

5726000

heap

page read and write

31AE000

stack

page read and write

5BF6000

heap

page read and write

56DC000

heap

page read and write

54A0000

unkown

page readonly

56C3000

heap

page read and write

5735000

heap

page read and write

56AD000

heap

page read and write

10E9000

unkown

page readonly

56AD000

heap

page read and write

572A000

heap

page read and write

5760000

heap

page read and write

577D000

heap

page read and write

3EC7000

heap

page read and write

31FE000

stack

page read and write

5749000

heap

page read and write

577D000

heap

page read and write

577B000

heap

page read and write

577B000

heap

page read and write

5430000

unkown

page readonly

E80000

unkown

page readonly

577B000

heap

page read and write

408C000

stack

page read and write

56BC000

heap

page read and write

56CB000

heap

page read and write

2D2A000

heap

page read and write

CE3000

heap

page read and write

5460000

unkown

page readonly

5735000

heap

page read and write

574C000

heap

page read and write

577D000

heap

page read and write

5F90000

trusted library section

page read and write

56BC000

heap

page read and write

5726000

heap

page read and write

56AD000

heap

page read and write

575D000

heap

page read and write

577B000

heap

page read and write

56CB000

heap

page read and write

5731000

heap

page read and write

574C000

heap

page read and write

6390000

unkown

page readonly

56E0000

heap

page read and write

E50000

heap

page read and write

5500000

unkown

page readonly

117A000

unkown

page write copy

56B2000

heap

page read and write

577B000

heap

page read and write

577D000

heap

page read and write

56C3000

heap

page read and write

577B000

heap

page read and write

56BC000

heap

page read and write

67A0000

trusted library allocation

page read and write

CAA000

heap

page read and write

5971000

trusted library allocation

page read and write

418D000

stack

page read and write

32FF000

stack

page read and write

56DC000

heap

page read and write

5731000

heap

page read and write

5C18000

heap

page read and write

575D000

heap

page read and write

577B000

heap

page read and write

CCB000

heap

page read and write

574C000

heap

page read and write

5749000

heap

page read and write

574C000

heap

page read and write

5BCF000

stack

page read and write

56D8000

heap

page read and write

56AD000

heap

page read and write

5735000

heap

page read and write

576A000

heap

page read and write

5970000

trusted library allocation

page read and write

C97000

heap

page read and write

56D8000

heap

page read and write

577B000

heap

page read and write

575D000

heap

page read and write

B9B000

heap

page read and write

117B000

unkown

page read and write

C9B000

heap

page read and write

5C0B000

heap

page read and write

5735000

heap

page read and write

5726000

heap

page read and write

5971000

trusted library allocation

page read and write

5760000

heap

page read and write

572A000

heap

page read and write

CB7000

heap

page read and write

577D000

heap

page read and write

5971000

trusted library allocation

page read and write

56B2000

heap

page read and write

56AB000

heap

page read and write

2B7D000

stack

page read and write

56C3000

heap

page read and write

C83000

heap

page read and write

577D000

heap

page read and write

5759000

heap

page read and write

5ACE000

stack

page read and write

5760000

heap

page read and write

56D8000

heap

page read and write

56CB000

heap

page read and write

3E9E000

heap

page read and write

575D000

heap

page read and write

577B000

heap

page read and write

5749000

heap

page read and write

5759000

heap

page read and write

577B000

heap

page read and write

5971000

trusted library allocation

page read and write

577D000

heap

page read and write

577D000

heap

page read and write

572A000

heap

page read and write

575D000

heap

page read and write

887000

stack

page read and write

2BA0000

heap

page read and write

56C3000

heap

page read and write

577D000

heap

page read and write

5749000

heap

page read and write

56C3000

heap

page read and write

1178000

unkown

page read and write

5971000

trusted library allocation

page read and write

577D000

heap

page read and write

10E9000

unkown

page readonly

5C0B000

heap

page read and write

56D8000

heap

page read and write

5760000

heap

page read and write

56DC000

heap

page read and write

56AD000

heap

page read and write

56E0000

heap

page read and write

577B000

heap

page read and write

3E95000

heap

page read and write

5C03000

heap

page read and write

30AB000

stack

page read and write

577D000

heap

page read and write

5760000

heap

page read and write

577D000

heap

page read and write

CE0000

heap

page read and write

5971000

trusted library allocation

page read and write

56E0000

heap

page read and write

C5B000

heap

page read and write

5F95000

trusted library section

page read and write

C5B000

heap

page read and write

56CB000

heap

page read and write

56B4000

heap

page read and write

56B3000

heap

page read and write

5760000

heap

page read and write

577B000

heap

page read and write

5759000

heap

page read and write

3ED0000

heap

page read and write

577B000

heap

page read and write

56E0000

heap

page read and write

56AD000

heap

page read and write

575D000

heap

page read and write

572A000

heap

page read and write

2BEE000

stack

page read and write

577D000

heap

page read and write

56BC000

heap

page read and write

6CA1000

heap

page read and write

576A000

heap

page read and write

3DBF000

stack

page read and write

5760000

heap

page read and write

5760000

heap

page read and write

577D000

heap

page read and write

56C3000

heap

page read and write

572A000

heap

page read and write

5C08000

heap

page read and write

3EE8000

heap

page read and write

5971000

trusted library allocation

page read and write

577B000

heap

page read and write

5726000

heap

page read and write

5760000

heap

page read and write

577D000

heap

page read and write

577D000

heap

page read and write

5785000

heap

page read and write

577D000

heap

page read and write

56AD000

heap

page read and write

56BF000

heap

page read and write

56B6000

heap

page read and write

5C0E000

heap

page read and write

5C04000

heap

page read and write

577D000

heap

page read and write

575D000

heap

page read and write

CCB000

heap

page read and write

2CEE000

stack

page read and write

9F0000

heap

page read and write

56B3000

heap

page read and write

56AD000

heap

page read and write

3E84000

heap

page read and write

577B000

heap

page read and write

576A000

heap

page read and write

5760000

heap

page read and write

56AB000

heap

page read and write

56BC000

heap

page read and write

5759000

heap

page read and write

3E10000

heap

page read and write

577D000

heap

page read and write

3EA4000

heap

page read and write

572A000

heap

page read and write

5971000

trusted library allocation

page read and write

576A000

heap

page read and write

5420000

unkown

page readonly

56D8000

heap

page read and write

56B3000

heap

page read and write

56E0000

heap

page read and write

5490000

unkown

page readonly

56DC000

heap

page read and write

5726000

heap

page read and write

C5B000

heap

page read and write

98A000

stack

page read and write

56BF000

heap

page read and write

541B000

heap

page read and write

5735000

heap

page read and write

577B000

heap

page read and write

575D000

heap

page read and write

577D000

heap

page read and write

56CB000

heap

page read and write

572A000

heap

page read and write

3E9B000

heap

page read and write

5760000

heap

page read and write

56BC000

heap

page read and write

56B4000

heap

page read and write

574C000

heap

page read and write

56B2000

heap

page read and write

574C000

heap

page read and write

CE8000

heap

page read and write

577D000

heap

page read and write

5760000

heap

page read and write

577D000

heap

page read and write

5749000

heap

page read and write

577B000

heap

page read and write

577D000

heap

page read and write

5760000

heap

page read and write

5971000

trusted library allocation

page read and write

575C000

heap

page read and write

577B000

heap

page read and write

56C3000

heap

page read and write

5760000

heap

page read and write

56AD000

heap

page read and write

C66000

heap

page read and write

5731000

heap

page read and write

5760000

heap

page read and write

3EBF000

heap

page read and write

572A000

heap

page read and write

5760000

heap

page read and write

5749000

heap

page read and write

575D000

heap

page read and write

56E0000

heap

page read and write

5971000

trusted library allocation

page read and write

577D000

heap

page read and write

5BFB000

heap

page read and write

56AC000

heap

page read and write

C8D000

heap

page read and write

C58000

heap

page read and write

5510000

unkown

page readonly

C39000

heap

page read and write

5735000

heap

page read and write

56CB000

heap

page read and write

56CB000

heap

page read and write

5735000

heap

page read and write

575D000

heap

page read and write

575D000

heap

page read and write

CD3000

heap

page read and write

5970000

trusted library allocation

page read and write

3E0C000

stack

page read and write

577D000

heap

page read and write

5759000

heap

page read and write

56AB000

heap

page read and write

5731000

heap

page read and write

5726000

heap

page read and write

575D000

heap

page read and write

56CB000

heap

page read and write

577B000

heap

page read and write

577B000

heap

page read and write

56D8000

heap

page read and write

5759000

heap

page read and write

CCD000

heap

page read and write

B95000

heap

page read and write

56AD000

heap

page read and write

576A000

heap

page read and write

577B000

heap

page read and write

56B4000

heap

page read and write

C37000

heap

page read and write

56CB000

heap

page read and write

5735000

heap

page read and write

5760000

heap

page read and write

56D8000

heap

page read and write

C57000

heap

page read and write

5735000

heap

page read and write

56B4000

heap

page read and write

E3C000

stack

page read and write

56BC000

heap

page read and write

C92000

heap

page read and write

56BF000

heap

page read and write

577D000

heap

page read and write

5735000

heap

page read and write

56D8000

heap

page read and write

56BF000

heap

page read and write

5410000

direct allocation

page read and write

577B000

heap

page read and write

5760000

heap

page read and write

C6C000

heap

page read and write

5726000

heap

page read and write

577B000

heap

page read and write

5760000

heap

page read and write

56D8000

heap

page read and write

3E59000

heap

page read and write

577B000

heap

page read and write

56AF000

heap

page read and write

5731000

heap

page read and write

3EC7000

heap

page read and write

CAF000

heap

page read and write

5760000

heap

page read and write

5C05000

heap

page read and write

576A000

heap

page read and write

5970000

trusted library allocation

page read and write

5450000

unkown

page readonly

5C12000

heap

page read and write

56DC000

heap

page read and write

56BF000

heap

page read and write

5749000

heap

page read and write

3480000

trusted library allocation

page read and write

577D000

heap

page read and write

56BF000

heap

page read and write

5760000

heap

page read and write

577D000

heap

page read and write

577D000

heap

page read and write

C44000

heap

page read and write

5BF8000

heap

page read and write

577B000

heap

page read and write

574C000

heap

page read and write

56AD000

heap

page read and write

5726000

heap

page read and write

5731000

heap

page read and write

CCB000

heap

page read and write

577D000

heap

page read and write

56E0000

heap

page read and write

574C000

heap

page read and write

56AC000

heap

page read and write

5760000

heap

page read and write

C66000

heap

page read and write

5749000

heap

page read and write

56B4000

heap

page read and write

2BA4000

heap

page read and write

3E97000

heap

page read and write

3EBE000

heap

page read and write

3EBE000

heap

page read and write

577B000

heap

page read and write

56D8000

heap

page read and write

5BF1000

heap

page read and write

5759000

heap

page read and write

56BC000

heap

page read and write

56BC000

heap

page read and write

577B000

heap

page read and write

C5B000

heap

page read and write

56B4000

heap

page read and write

3EBE000

heap

page read and write

56D8000

heap

page read and write

3EC7000

heap

page read and write

577B000

heap

page read and write

5759000

heap

page read and write

577D000

heap

page read and write

575D000

heap

page read and write

5760000

heap

page read and write

5735000

heap

page read and write

5731000

heap

page read and write

5731000

heap

page read and write

576A000

heap

page read and write

56BF000

heap

page read and write

56B3000

heap

page read and write

568D000

stack

page read and write

56BC000

heap

page read and write

56CB000

heap

page read and write

5760000

heap

page read and write

56B4000

heap

page read and write

56DC000

heap

page read and write

56D8000

heap

page read and write

56C3000

heap

page read and write

54D0000

heap

page read and write

56A9000

heap

page read and write

5759000

heap

page read and write

5749000

heap

page read and write

56AD000

heap

page read and write

5731000

heap

page read and write

56B4000

heap

page read and write

6CA8000

heap

page read and write

5971000

trusted library allocation

page read and write

574C000

heap

page read and write

CDD000

heap

page read and write

5759000

heap

page read and write

5760000

heap

page read and write

577D000

heap

page read and write

56C3000

heap

page read and write

575D000

heap

page read and write

575D000

heap

page read and write

5759000

heap

page read and write

577D000

heap

page read and write

577D000

heap

page read and write

3E9A000

heap

page read and write

5726000

heap

page read and write

577D000

heap

page read and write

558C000

stack

page read and write

577B000

heap

page read and write

577D000

heap

page read and write

5760000

heap

page read and write

577B000

heap

page read and write

56B6000

heap

page read and write

5760000

heap

page read and write

577B000

heap

page read and write

5C1A000

heap

page read and write

5410000

unkown

page readonly

5760000

heap

page read and write

400B000

stack

page read and write

56DC000

heap

page read and write

5726000

heap

page read and write

5735000

heap

page read and write

1186000

unkown

page readonly

5760000

heap

page read and write

3E9A000

heap

page read and write

6CA0000

heap

page read and write

C6D000

heap

page read and write

56B4000

heap

page read and write

B90000

heap

page read and write

56BF000

heap

page read and write

5970000

trusted library allocation

page read and write

577B000

heap

page read and write

575D000

heap

page read and write

56CB000

heap

page read and write

56AF000

heap

page read and write

56E0000

heap

page read and write

572A000

heap

page read and write

574C000

heap

page read and write

5760000

heap

page read and write

5C12000

heap

page read and write

5C0F000

heap

page read and write

577D000

heap

page read and write

5749000

heap

page read and write

5731000

heap

page read and write

3E50000

heap

page read and write

5760000

heap

page read and write

5440000

unkown

page readonly

5C12000

heap

page read and write

3EBE000

heap

page read and write

577D000

heap

page read and write

56CB000

heap

page read and write

CAC000

heap

page read and write

5731000

heap

page read and write

576A000

heap

page read and write

5C17000

heap

page read and write

5760000

heap

page read and write

2B90000

heap

page read and write

C91000

heap

page read and write

5760000

heap

page read and write

33F0000

heap

page read and write

574C000

heap

page read and write

575D000

heap

page read and write

5760000

heap

page read and write

5760000

heap

page read and write

56AF000

heap

page read and write

5760000

heap

page read and write

5C0E000

heap

page read and write

572A000

heap

page read and write

5759000

heap

page read and write

577D000

heap

page read and write

5C1E000

heap

page read and write

577B000

heap

page read and write

56E0000

heap

page read and write

56C3000

heap

page read and write

B30000

heap

page read and write

3EA2000

heap

page read and write

56C3000

heap

page read and write

577B000

heap

page read and write

6680000

heap

page read and write

5749000

heap

page read and write

577B000

heap

page read and write

5726000

heap

page read and write

56B2000

heap

page read and write

56BC000

heap

page read and write

56BC000

heap

page read and write

1186000

unkown

page readonly

3E7F000

heap

page read and write

56B2000

heap

page read and write

56E0000

heap

page read and write

56AD000

heap

page read and write

572A000

heap

page read and write

577B000

heap

page read and write

5768000

heap

page read and write

576A000

heap

page read and write

56B4000

heap

page read and write

3E9E000

heap

page read and write

56DC000

heap

page read and write

5760000

heap

page read and write

56E0000

heap

page read and write

C7A000

heap

page read and write

56DC000

heap

page read and write

56DC000

heap

page read and write

577D000

heap

page read and write

577D000

heap

page read and write

575D000

heap

page read and write

577B000

heap

page read and write

56AD000

heap

page read and write

572A000

heap

page read and write

574C000

heap

page read and write

575D000

heap

page read and write

5971000

trusted library allocation

page read and write

BFA000

heap

page read and write

5726000

heap

page read and write

56BF000

heap

page read and write

575D000

heap

page read and write

5971000

trusted library allocation

page read and write

577B000

heap

page read and write

576A000

heap

page read and write

575D000

heap

page read and write

CE0000

heap

page read and write

5410000

direct allocation

page read and write

5C0E000

heap

page read and write

56BF000

heap

page read and write

56DC000

heap

page read and write

5735000

heap

page read and write

575D000

heap

page read and write

5470000

unkown

page readonly

577B000

heap

page read and write

CD4000

heap

page read and write

56DC000

heap

page read and write

56DC000

heap

page read and write

577B000

heap

page read and write

575D000

heap

page read and write

56B4000

heap

page read and write

577D000

heap

page read and write

B36000

heap

page read and write

5760000

heap

page read and write

56BC000

heap

page read and write

56D8000

heap

page read and write

577B000

heap

page read and write

5760000

heap

page read and write

5760000

heap

page read and write

5970000

trusted library allocation

page read and write

575D000

heap

page read and write

5760000

heap

page read and write

3E6E000

heap

page read and write

5C12000

heap

page read and write

5731000

heap

page read and write

577B000

heap

page read and write

CCC000

heap

page read and write

572A000

heap

page read and write

5749000

heap

page read and write

5735000

heap

page read and write

577B000

heap

page read and write

5760000

heap

page read and write

5690000

heap

page read and write

5760000

heap

page read and write

576A000

heap

page read and write

5971000

trusted library allocation

page read and write

3EA5000

heap

page read and write

5C0E000

heap

page read and write

577B000

heap

page read and write

574C000

heap

page read and write

56C3000

heap

page read and write

56B4000

heap

page read and write

56AB000

heap

page read and write

E81000

unkown

page execute read

5749000

heap

page read and write

5C0B000

heap

page read and write

575D000

heap

page read and write

5BFD000

heap

page read and write

56BF000

heap

page read and write

56BF000

heap

page read and write

577B000

heap

page read and write

5760000

heap

page read and write

5760000

heap

page read and write

56B4000

heap

page read and write

5749000

heap

page read and write

5971000

trusted library allocation

page read and write

56B4000

heap

page read and write

3CBE000

stack

page read and write

5C12000

heap

page read and write

56B6000

heap

page read and write

575D000

heap

page read and write

3E11000

heap

page read and write

56AD000

heap

page read and write

574C000

heap

page read and write

CD1000

heap

page read and write

56E0000

heap

page read and write

CE2000

heap

page read and write

5BE7000

heap

page read and write

577B000

heap

page read and write

CD1000

heap

page read and write

5726000

heap

page read and write

5760000

heap

page read and write

577D000

heap

page read and write

3E8A000

heap

page read and write

5760000

heap

page read and write

56C3000

heap

page read and write

C92000

heap

page read and write

CE0000

heap

page read and write

577B000

heap

page read and write

577D000

heap

page read and write

576A000

heap

page read and write

5760000

heap

page read and write

5971000

trusted library allocation

page read and write

5749000

heap

page read and write

5C07000

heap

page read and write

575D000

heap

page read and write

56B4000

heap

page read and write

CDD000

heap

page read and write

3C80000

direct allocation

page read and write

575D000

heap

page read and write

C5C000

heap

page read and write

577D000

heap

page read and write

56CB000

heap

page read and write

BF0000

heap

page read and write

56BC000

heap

page read and write

56DC000

heap

page read and write

3EC7000

heap

page read and write

5760000

heap

page read and write

576A000

heap

page read and write

56AD000

heap

page read and write

575D000

heap

page read and write

5C14000

heap

page read and write

5C0B000

heap

page read and write

56C3000

heap

page read and write

577D000

heap

page read and write

56E0000

heap

page read and write

577B000

heap

page read and write

E80000

unkown

page readonly

5760000

heap

page read and write

5759000

heap

page read and write

56AD000

heap

page read and write

5480000

unkown

page readonly

5C11000

heap

page read and write

E81000

unkown

page execute read

5731000

heap

page read and write

56B3000

heap

page read and write

572A000

heap

page read and write

There are 678 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Trojan.GenericKD.72635636.21001.25815.exe

Files

Processes

URLs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Trojan.GenericKD.72635636.21001.25815.exe

Files

Processes

URLs

Registry

Memdumps

IOC Report
SecuriteInfo.com.Trojan.GenericKD.72635636.21001.25815.exe