Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.16359.15944.exe

"C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.16359.15944.exe"

Details

Is windows:	false
Is dropped:	false
PID:	6660
Target ID:	0
Parent PID:	1028
Name:	SecuriteInfo.com.FileRepMalware.16359.15944.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.16359.15944.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.FileRepMalware.16359.15944.exe"
Size:	1585816
MD5:	1EF81575C0F526800283239B2469818D
Time:	23:28:05
Date:	25/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x400000
Modulesize:	303104
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Sample file is different than original file name gathered from version info	System Summary
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Uses 32bit PE files	Compliance, System Summary
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Sample reads its own file content	System Summary
Spawns processes	System Summary	Process Injection
URLs found in memory or binary data	Networking
Binary contains paths to debug symbols	Compliance, System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE / OLE file has a valid certificate	Compliance, System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Program Files (x86)\Common Files\Microsoft Shared\scheduler\mssched.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\scheduler\mssched.exe" -f SecuriteInfo.com.FileRepMalware.16359.15944.exe

Details

Is windows:	false
Is dropped:	true
PID:	1248
Target ID:	4
Parent PID:	6660
Name:	mssched.exe
Class:	system-tools
Path:	C:\Program Files (x86)\Common Files\Microsoft Shared\scheduler\mssched.exe
Commandline:	"C:\Program Files (x86)\Common Files\Microsoft Shared\scheduler\mssched.exe" -f SecuriteInfo.com.FileRepMalware.16359.15944.exe
Size:	1061520
MD5:	DDD7094ECD63758C260126E8A8D7880F
Time:	23:28:07
Date:	25/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x1fc13c70000
Modulesize:	1081344
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\Common Files\Microsoft Shared\scheduler\mssched.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\scheduler\mssched.exe"

Details

Is windows:	false
Is dropped:	true
PID:	7108
Target ID:	6
Parent PID:	1028
Name:	mssched.exe
Class:	system-tools
Path:	C:\Program Files (x86)\Common Files\Microsoft Shared\scheduler\mssched.exe
Commandline:	"C:\Program Files (x86)\Common Files\Microsoft Shared\scheduler\mssched.exe"
Size:	1061520
MD5:	DDD7094ECD63758C260126E8A8D7880F
Time:	23:28:17
Date:	25/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	false
Is elevated:	false
Modulebase:	0x125ca5b0000
Modulesize:	1081344
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Program Files (x86)\Common Files\Microsoft Shared\scheduler\KillProcPCTT.exe

"C:\Program Files (x86)\Common Files\Microsoft Shared\scheduler\KillProcPCTT.exe

Details

Is windows:	false
Is dropped:	true
PID:	6332
Target ID:	2
Parent PID:	6660
Name:	KillProcPCTT.exe
Class:	system-tools
Path:	C:\Program Files (x86)\Common Files\Microsoft Shared\scheduler\KillProcPCTT.exe
Commandline:	"C:\Program Files (x86)\Common Files\Microsoft Shared\scheduler\KillProcPCTT.exe
Size:	10896
MD5:	58AB737BC9B7870455589C683CBBE7D9
Time:	23:28:05
Date:	25/10/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x3c0000
Modulesize:	32768
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Drops PE files	Persistence and Installation Behavior
Queries the volume information (name, serial number etc) of a device	Language, Device and Operating System Detection	System Information Discovery
Creates files inside the user directory	System Summary	Masquerading
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	1848
Target ID:	3
Parent PID:	6332
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	23:28:06
Date:	25/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6d64d0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.html

unknown

https://sectigo.com/CPS0

unknown

http://169.254.170.2

unknown

http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0

unknown

http://ocsp.sectigo.com0

unknown

https://pctattletale.com/app/Authenticationv14.php/AddComputer

unknown

http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#

unknown

https://www.newtonsoft.com/json

unknown

http://s3.amazonaws.com/doc/2006-03-01/

unknown

http://169.254.170.2aUnable

unknown

http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#

unknown

http://nsis.sf.net/NSIS_ErrorError

unknown

http://www.pctattletale.com/members/autologinfirstrun.php?AuthKey=

unknown

https://pctattletale.com/app/Authenticationv14.php/SendKeyStrokes

unknown

https://pctattletale.com/app/Authenticationv14.php/CreateAccount

unknown

http://james.newtonking.com/projects/json

unknown

https://pctattletale.com/app/Authenticationv14.php/AddExclusionAccount

unknown

http://pctattletale.com/amazonfix.php

unknown

https://pctattletale.com/app/Authenticationv14.php/DeleteComputer

unknown

https://pctattletale.com:443/app/Authenticationv14.php

unknown

http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y

unknown

http://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html)

unknown

http://www.pctattletale.com/members/forgotpassword.php

unknown

https://www.newtonsoft.com/jsonschema

unknown

https://ip-ranges.amazonaws.com/ip-ranges.json

unknown

https://www.nuget.org/packages/Newtonsoft.Json.Bson

unknown

http://www.pctattletale.com/removal.php

unknown

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

unknown

http://169.254.169.254

unknown

https://pctattletale.com/members/signup.php?source=PCTTSiteWinDownloadqhttp://www.pctattletale.com/m

unknown

https://pctattletale.com/app/Authenticationv14.php/GetComputerStatus

unknown

There are 21 hidden URLs, click here to show them.

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run

scheduler

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Value name:	scheduler
Value data:	C:\Program Files (x86)\Common Files\Microsoft Shared\scheduler\mssched.exe

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification	System Summary
Creates an autostart registry key	Boot Survival	Registry Run Keys / Startup Folder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

HideFastUserSwitching

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349

Blob

Details

TargetID:	4
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
Value name:	Blob
Value data:	04 00 00 00 01 00 00 00 10 00 00 00 49 79 04 B0 EB 87 19 AC 47 B0 BC 11 51 9B 74 D0 03 00 00 00 01 00 00 00 14 00 00 00 D1 EB 23 A4 6D 17 D6 8F D9 25 64 C2 F1 F1 60 17 64 D8 E3 49 1D 00 00 00 01 00 00 00 10 00 00 00 2E 0D 68 75 87 4A 44 C8 20 91 2E 85 E9 64 CF DB 14 00 00 00 01 00 00 00 14 00 00 00 A0 11 0A 23 3E 96 F1 07 EC E2 AF 29 EF 82 A5 7F D0 30 A4 B4 0B 00 00 00 01 00 00 00 1C 00 00 00 53 00 65 00 63 00 74 00 69 00 67 00 6F 00 20 00 28 00 41 00 41 00 41 00 29 00 00 00 62 00 00 00 01 00 00 00 20 00 00 00 D7 A7 A0 FB 5D 7E 27 31 D7 71 E9 48 4E BC DE F7 1D 5F 0C 3E 0A 29 48 78 2B C8 3E E0 EA 69 9E F4 53 00 00 00 01 00 00 00 43 00 00 00 30 41 30 22 06 0C 2B 06 01 04 01 B2 31 01 02 01 05 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 1B 06 05 67 81 0C 01 03 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 09 00 00 00 01 00 00 00 54 00 00 00 30 52 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 0A 2B 06 01 04 01 82 37 0A 03 04 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 06 06 08 2B 06 01 05 05 07 03 07 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 0F 00 00 00 01 00 00 00 14 00 00 00 3E 8E 64 87 F8 FD 27 D3 22 A2 69 A7 1E DA AC 5D 57 81 12 86 20 00 00 00 01 00 00 00 36 04 00 00 30 82 04 32 30 82 03 1A A0 03 02 01 02 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 7B 31 0B 30 09 06 03 55 04 06 13 02 47 42 31 1B 30 19 06 03 55 04 08 0C 12 47 72 65 61 74 65 72 20 4D 61 6E 63 68 65 73 74 65 72 31 10 30 0E 06 03 55 04 07 0C 07 53 61 6C 66 6F 72 64 31 1A 30 18 06 03 55 04 0A 0C 11 43 6F 6D 6F 64 6F 20 43 41 20 4C 69 6D 69 74 65 64 31 21 30 1F 06 03 55 04 03 0C 18 41 41 41 20 43 65 72 74 69 66 69 63 61 74 65 20 53 65 72 76 69 63 65 73 30 1E 17 0D 30 34 30 31 30 31 30 30 30 30 30 30 5A 17 0D 32 38 31 32 33 31 32 33 35 39 35 39 5A 30 7B 31 0B 30 09 06 03 55 04 06 13 02 47 42 31 1B 30 19 06 03 55 04 08 0C 12 47 72 65 61 74 65 72 20 4D 61 6E 63 68 65 73 74 65 72 31 10 30 0E 06 03 55 04 07 0C 07 53 61 6C 66 6F 72 64 31 1A 30 18 06 03 55 04 0A 0C 11 43 6F 6D 6F 64 6F 20 43 41 20 4C 69 6D 69 74 65 64 31 21 30 1F 06 03 55 04 03 0C 18 41 41 41 20 43 65 72 74 69 66 69 63 61 74 65 20 53 65 72 76 69 63 65 73 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 BE 40 9D F4 6E E1 EA 76 87 1C 4D 45 44 8E BE 46 C8 83 06 9D C1 2A FE 18 1F 8E E4 02 FA F3 AB 5D 50 8A 16 31 0B 9A 06 D0 C5 70 22 CD 49 2D 54 63 CC B6 6E 68 46 0B 53 EA CB 4C 24 C0 BC 72 4E EA F1 15 AE F4 54 9A 12 0A C3 7A B2 33 60 E2 DA 89 55 F3 22 58 F3 DE DC CF EF 83 86 A2 8C 94 4F 9F 68 F2 98 90 46 84 27 C7 76 BF E3 CC 35 2C 8B 5E 07 64 65 82 C0 48 B0 A8 91 F9 61 9F 76 20 50 A8 91 C7 66 B5 EB 78 62 03 56 F0 8A 1A 13 EA 31 A3 1E A0 99 FD 38 F6 F6 27 32 58 6F 07 F5 6B B8 FB 14 2B AF B7 AA CC D6 63 5F 73 8C DA 05 99 A8 38 A8 CB 17 78 36 51 AC E9 9E F4 78 3A 8D CF 0F D9 42 E2 98 0C AB 2F 9F 0E 01 DE EF 9F 99 49 F1 2D DF AC 74 4D 1B 98 B5 47 C5 E5 29 D1 F9 90 18 C7 62 9C BE 83 C7 26 7B 3E 8A 25 C7 C0 DD 9D E6 35 68 10 20 9D 8F D8 DE D2 C3 84 9C 0D 5E E8 2F C9 02 03 01 00 01 A3 81 C0 30 81 BD 30 1D 06 03 55 1D 0E 04 16 04 14 A0 11 0A 23 3E 96 F1 07 EC E2 AF 29 EF 82 A5 7F D0 30 A4 B4 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 01 06 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 7B 06 03 55 1D 1F 04 74 30 72 30 38 A0 36 A0 34 86 32 68 74 74 70 3A 2F 2F 63 72 6C 2E 63 6F 6D 6F 64 6F 63 61 2E 63 6F 6D 2F 41 41 41 43 65 72 74 69 66 69 63 61 74 65 53 65 72 76 69 63 65 73 2E 63 72 6C 30 36 A0 34 A0 32 86 30 68 74 74 70 3A 2F 2F 63 72 6C 2E 63 6F 6D 6F 64 6F 2E 6E 65 74 2F 41 41 41 43 65 72 74 69 66 69 63 61 74 65 53 65 72 76 69 63 65 73 2E 63 72 6C 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 08 56 FC 02 F0 9B E8 FF A4 FA D6 7B C6 44 80 CE 4F C4 C5 F6 00 58 CC A6 B6 BC 14 49 68 04 76 E8 E6 EE 5D EC 02 0F 60 D6 8D 50 18 4F 26 4E 01 E3 E6 B0 A5 EE BF BC 74 54 41 BF FD FC 12 B8 C7 4F 5A F4 89 60 05 7F 60 B7 05 4A F3 F6 F1 C2 BF C4 B9 74 86 B6 2D 7D 6B CC D2 F3 46 DD 2F C6 E0 6A C3 C3 34 03 2C 7D 96 DD 5A C2 0E A7 0A 99 C1 05 8B AB 0C 2F F3 5C 3A CF 6C 37 55 09 87 DE 53 40 6C 58 EF FC B6 AB 65 6E 04 F6 1B DC 3C E0 5A 15 C6 9E D9 F1 59 48 30 21 65 03 6C EC E9 21 73 EC 9B 03 A1 E0 37 AD A0 15 18 8F FA BA 02 CE A7 2C A9 10 13 2C D4 E5 08 26 AB 22 97 60 F8 90 5E 74 D4 A2 9A 53 BD F2 A9 68 E0 A2 6E C2 D7 6C B1 A3 0F 9E BF EB 68 E7 56 F2 AE F2 E3 2B 38 3A 09 81 B5 6B 85 D7 BE 2D ED 3F 1A B7 B2 63 E2 F5 62 2C 82 D4 6A 00 41 50 F1 39 83 9F 95 E9 36 96 98 6E

Signature Hits	Behavior Group	Mitre Attack
Adds / modifies Windows certificates	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349

Blob

Details

TargetID:	4
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
Value name:	Blob
Value data:	19 00 00 00 01 00 00 00 10 00 00 00 2A A1 C0 5E 2A E6 06 F1 98 C2 C5 E9 37 C9 7A A2 0F 00 00 00 01 00 00 00 14 00 00 00 3E 8E 64 87 F8 FD 27 D3 22 A2 69 A7 1E DA AC 5D 57 81 12 86 09 00 00 00 01 00 00 00 54 00 00 00 30 52 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 0A 2B 06 01 04 01 82 37 0A 03 04 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 06 06 08 2B 06 01 05 05 07 03 07 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 53 00 00 00 01 00 00 00 43 00 00 00 30 41 30 22 06 0C 2B 06 01 04 01 B2 31 01 02 01 05 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 1B 06 05 67 81 0C 01 03 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 62 00 00 00 01 00 00 00 20 00 00 00 D7 A7 A0 FB 5D 7E 27 31 D7 71 E9 48 4E BC DE F7 1D 5F 0C 3E 0A 29 48 78 2B C8 3E E0 EA 69 9E F4 0B 00 00 00 01 00 00 00 1C 00 00 00 53 00 65 00 63 00 74 00 69 00 67 00 6F 00 20 00 28 00 41 00 41 00 41 00 29 00 00 00 14 00 00 00 01 00 00 00 14 00 00 00 A0 11 0A 23 3E 96 F1 07 EC E2 AF 29 EF 82 A5 7F D0 30 A4 B4 1D 00 00 00 01 00 00 00 10 00 00 00 2E 0D 68 75 87 4A 44 C8 20 91 2E 85 E9 64 CF DB 03 00 00 00 01 00 00 00 14 00 00 00 D1 EB 23 A4 6D 17 D6 8F D9 25 64 C2 F1 F1 60 17 64 D8 E3 49 04 00 00 00 01 00 00 00 10 00 00 00 49 79 04 B0 EB 87 19 AC 47 B0 BC 11 51 9B 74 D0 20 00 00 00 01 00 00 00 36 04 00 00 30 82 04 32 30 82 03 1A A0 03 02 01 02 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 7B 31 0B 30 09 06 03 55 04 06 13 02 47 42 31 1B 30 19 06 03 55 04 08 0C 12 47 72 65 61 74 65 72 20 4D 61 6E 63 68 65 73 74 65 72 31 10 30 0E 06 03 55 04 07 0C 07 53 61 6C 66 6F 72 64 31 1A 30 18 06 03 55 04 0A 0C 11 43 6F 6D 6F 64 6F 20 43 41 20 4C 69 6D 69 74 65 64 31 21 30 1F 06 03 55 04 03 0C 18 41 41 41 20 43 65 72 74 69 66 69 63 61 74 65 20 53 65 72 76 69 63 65 73 30 1E 17 0D 30 34 30 31 30 31 30 30 30 30 30 30 5A 17 0D 32 38 31 32 33 31 32 33 35 39 35 39 5A 30 7B 31 0B 30 09 06 03 55 04 06 13 02 47 42 31 1B 30 19 06 03 55 04 08 0C 12 47 72 65 61 74 65 72 20 4D 61 6E 63 68 65 73 74 65 72 31 10 30 0E 06 03 55 04 07 0C 07 53 61 6C 66 6F 72 64 31 1A 30 18 06 03 55 04 0A 0C 11 43 6F 6D 6F 64 6F 20 43 41 20 4C 69 6D 69 74 65 64 31 21 30 1F 06 03 55 04 03 0C 18 41 41 41 20 43 65 72 74 69 66 69 63 61 74 65 20 53 65 72 76 69 63 65 73 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 BE 40 9D F4 6E E1 EA 76 87 1C 4D 45 44 8E BE 46 C8 83 06 9D C1 2A FE 18 1F 8E E4 02 FA F3 AB 5D 50 8A 16 31 0B 9A 06 D0 C5 70 22 CD 49 2D 54 63 CC B6 6E 68 46 0B 53 EA CB 4C 24 C0 BC 72 4E EA F1 15 AE F4 54 9A 12 0A C3 7A B2 33 60 E2 DA 89 55 F3 22 58 F3 DE DC CF EF 83 86 A2 8C 94 4F 9F 68 F2 98 90 46 84 27 C7 76 BF E3 CC 35 2C 8B 5E 07 64 65 82 C0 48 B0 A8 91 F9 61 9F 76 20 50 A8 91 C7 66 B5 EB 78 62 03 56 F0 8A 1A 13 EA 31 A3 1E A0 99 FD 38 F6 F6 27 32 58 6F 07 F5 6B B8 FB 14 2B AF B7 AA CC D6 63 5F 73 8C DA 05 99 A8 38 A8 CB 17 78 36 51 AC E9 9E F4 78 3A 8D CF 0F D9 42 E2 98 0C AB 2F 9F 0E 01 DE EF 9F 99 49 F1 2D DF AC 74 4D 1B 98 B5 47 C5 E5 29 D1 F9 90 18 C7 62 9C BE 83 C7 26 7B 3E 8A 25 C7 C0 DD 9D E6 35 68 10 20 9D 8F D8 DE D2 C3 84 9C 0D 5E E8 2F C9 02 03 01 00 01 A3 81 C0 30 81 BD 30 1D 06 03 55 1D 0E 04 16 04 14 A0 11 0A 23 3E 96 F1 07 EC E2 AF 29 EF 82 A5 7F D0 30 A4 B4 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 01 06 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 7B 06 03 55 1D 1F 04 74 30 72 30 38 A0 36 A0 34 86 32 68 74 74 70 3A 2F 2F 63 72 6C 2E 63 6F 6D 6F 64 6F 63 61 2E 63 6F 6D 2F 41 41 41 43 65 72 74 69 66 69 63 61 74 65 53 65 72 76 69 63 65 73 2E 63 72 6C 30 36 A0 34 A0 32 86 30 68 74 74 70 3A 2F 2F 63 72 6C 2E 63 6F 6D 6F 64 6F 2E 6E 65 74 2F 41 41 41 43 65 72 74 69 66 69 63 61 74 65 53 65 72 76 69 63 65 73 2E 63 72 6C 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 08 56 FC 02 F0 9B E8 FF A4 FA D6 7B C6 44 80 CE 4F C4 C5 F6 00 58 CC A6 B6 BC 14 49 68 04 76 E8 E6 EE 5D EC 02 0F 60 D6 8D 50 18 4F 26 4E 01 E3 E6 B0 A5 EE BF BC 74 54 41 BF FD FC 12 B8 C7 4F 5A F4 89 60 05 7F 60 B7 05 4A F3 F6 F1 C2 BF C4 B9 74 86 B6 2D 7D 6B CC D2 F3 46 DD 2F C6 E0 6A C3 C3 34 03 2C 7D 96 DD 5A C2 0E A7 0A 99 C1 05 8B AB 0C 2F F3 5C 3A CF 6C 37 55 09 87 DE 53 40 6C 58 EF FC B6 AB 65 6E 04 F6 1B DC 3C E0 5A 15 C6 9E D9 F1 59 48 30 21 65 03 6C EC E9 21 73 EC 9B 03 A1 E0 37 AD A0 15 18 8F FA BA 02 CE A7 2C A9 10 13 2C D4 E5 08 26 AB 22 97 60 F8 90 5E 74 D4 A2 9A 53 BD F2 A9 68 E0 A2 6E C2 D7 6C B1 A3 0F 9E BF EB 68 E7 56 F2 AE F2 E3 2B 38 3A 09 81 B5 6B 85 D7 BE 2D ED 3F 1A B7 B2 63 E2 F5 62 2C 82 D4 6A 00 41 50 F1 39 83 9F 95 E9 36 96 98 6E

Signature Hits	Behavior Group	Mitre Attack
Adds / modifies Windows certificates	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349

Blob

Details

TargetID:	4
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349
Value name:	Blob
Value data:	5C 00 00 00 01 00 00 00 04 00 00 00 00 08 00 00 04 00 00 00 01 00 00 00 10 00 00 00 49 79 04 B0 EB 87 19 AC 47 B0 BC 11 51 9B 74 D0 03 00 00 00 01 00 00 00 14 00 00 00 D1 EB 23 A4 6D 17 D6 8F D9 25 64 C2 F1 F1 60 17 64 D8 E3 49 1D 00 00 00 01 00 00 00 10 00 00 00 2E 0D 68 75 87 4A 44 C8 20 91 2E 85 E9 64 CF DB 14 00 00 00 01 00 00 00 14 00 00 00 A0 11 0A 23 3E 96 F1 07 EC E2 AF 29 EF 82 A5 7F D0 30 A4 B4 0B 00 00 00 01 00 00 00 1C 00 00 00 53 00 65 00 63 00 74 00 69 00 67 00 6F 00 20 00 28 00 41 00 41 00 41 00 29 00 00 00 62 00 00 00 01 00 00 00 20 00 00 00 D7 A7 A0 FB 5D 7E 27 31 D7 71 E9 48 4E BC DE F7 1D 5F 0C 3E 0A 29 48 78 2B C8 3E E0 EA 69 9E F4 53 00 00 00 01 00 00 00 43 00 00 00 30 41 30 22 06 0C 2B 06 01 04 01 B2 31 01 02 01 05 01 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 30 1B 06 05 67 81 0C 01 03 30 12 30 10 06 0A 2B 06 01 04 01 82 37 3C 01 01 03 02 00 C0 09 00 00 00 01 00 00 00 54 00 00 00 30 52 06 08 2B 06 01 05 05 07 03 02 06 08 2B 06 01 05 05 07 03 03 06 0A 2B 06 01 04 01 82 37 0A 03 04 06 08 2B 06 01 05 05 07 03 04 06 08 2B 06 01 05 05 07 03 06 06 08 2B 06 01 05 05 07 03 07 06 08 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 03 08 0F 00 00 00 01 00 00 00 14 00 00 00 3E 8E 64 87 F8 FD 27 D3 22 A2 69 A7 1E DA AC 5D 57 81 12 86 19 00 00 00 01 00 00 00 10 00 00 00 2A A1 C0 5E 2A E6 06 F1 98 C2 C5 E9 37 C9 7A A2 20 00 00 00 01 00 00 00 36 04 00 00 30 82 04 32 30 82 03 1A A0 03 02 01 02 02 01 01 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 7B 31 0B 30 09 06 03 55 04 06 13 02 47 42 31 1B 30 19 06 03 55 04 08 0C 12 47 72 65 61 74 65 72 20 4D 61 6E 63 68 65 73 74 65 72 31 10 30 0E 06 03 55 04 07 0C 07 53 61 6C 66 6F 72 64 31 1A 30 18 06 03 55 04 0A 0C 11 43 6F 6D 6F 64 6F 20 43 41 20 4C 69 6D 69 74 65 64 31 21 30 1F 06 03 55 04 03 0C 18 41 41 41 20 43 65 72 74 69 66 69 63 61 74 65 20 53 65 72 76 69 63 65 73 30 1E 17 0D 30 34 30 31 30 31 30 30 30 30 30 30 5A 17 0D 32 38 31 32 33 31 32 33 35 39 35 39 5A 30 7B 31 0B 30 09 06 03 55 04 06 13 02 47 42 31 1B 30 19 06 03 55 04 08 0C 12 47 72 65 61 74 65 72 20 4D 61 6E 63 68 65 73 74 65 72 31 10 30 0E 06 03 55 04 07 0C 07 53 61 6C 66 6F 72 64 31 1A 30 18 06 03 55 04 0A 0C 11 43 6F 6D 6F 64 6F 20 43 41 20 4C 69 6D 69 74 65 64 31 21 30 1F 06 03 55 04 03 0C 18 41 41 41 20 43 65 72 74 69 66 69 63 61 74 65 20 53 65 72 76 69 63 65 73 30 82 01 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 01 0F 00 30 82 01 0A 02 82 01 01 00 BE 40 9D F4 6E E1 EA 76 87 1C 4D 45 44 8E BE 46 C8 83 06 9D C1 2A FE 18 1F 8E E4 02 FA F3 AB 5D 50 8A 16 31 0B 9A 06 D0 C5 70 22 CD 49 2D 54 63 CC B6 6E 68 46 0B 53 EA CB 4C 24 C0 BC 72 4E EA F1 15 AE F4 54 9A 12 0A C3 7A B2 33 60 E2 DA 89 55 F3 22 58 F3 DE DC CF EF 83 86 A2 8C 94 4F 9F 68 F2 98 90 46 84 27 C7 76 BF E3 CC 35 2C 8B 5E 07 64 65 82 C0 48 B0 A8 91 F9 61 9F 76 20 50 A8 91 C7 66 B5 EB 78 62 03 56 F0 8A 1A 13 EA 31 A3 1E A0 99 FD 38 F6 F6 27 32 58 6F 07 F5 6B B8 FB 14 2B AF B7 AA CC D6 63 5F 73 8C DA 05 99 A8 38 A8 CB 17 78 36 51 AC E9 9E F4 78 3A 8D CF 0F D9 42 E2 98 0C AB 2F 9F 0E 01 DE EF 9F 99 49 F1 2D DF AC 74 4D 1B 98 B5 47 C5 E5 29 D1 F9 90 18 C7 62 9C BE 83 C7 26 7B 3E 8A 25 C7 C0 DD 9D E6 35 68 10 20 9D 8F D8 DE D2 C3 84 9C 0D 5E E8 2F C9 02 03 01 00 01 A3 81 C0 30 81 BD 30 1D 06 03 55 1D 0E 04 16 04 14 A0 11 0A 23 3E 96 F1 07 EC E2 AF 29 EF 82 A5 7F D0 30 A4 B4 30 0E 06 03 55 1D 0F 01 01 FF 04 04 03 02 01 06 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 7B 06 03 55 1D 1F 04 74 30 72 30 38 A0 36 A0 34 86 32 68 74 74 70 3A 2F 2F 63 72 6C 2E 63 6F 6D 6F 64 6F 63 61 2E 63 6F 6D 2F 41 41 41 43 65 72 74 69 66 69 63 61 74 65 53 65 72 76 69 63 65 73 2E 63 72 6C 30 36 A0 34 A0 32 86 30 68 74 74 70 3A 2F 2F 63 72 6C 2E 63 6F 6D 6F 64 6F 2E 6E 65 74 2F 41 41 41 43 65 72 74 69 66 69 63 61 74 65 53 65 72 76 69 63 65 73 2E 63 72 6C 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 08 56 FC 02 F0 9B E8 FF A4 FA D6 7B C6 44 80 CE 4F C4 C5 F6 00 58 CC A6 B6 BC 14 49 68 04 76 E8 E6 EE 5D EC 02 0F 60 D6 8D 50 18 4F 26 4E 01 E3 E6 B0 A5 EE BF BC 74 54 41 BF FD FC 12 B8 C7 4F 5A F4 89 60 05 7F 60 B7 05 4A F3 F6 F1 C2 BF C4 B9 74 86 B6 2D 7D 6B CC D2 F3 46 DD 2F C6 E0 6A C3 C3 34 03 2C 7D 96 DD 5A C2 0E A7 0A 99 C1 05 8B AB 0C 2F F3 5C 3A CF 6C 37 55 09 87 DE 53 40 6C 58 EF FC B6 AB 65 6E 04 F6 1B DC 3C E0 5A 15 C6 9E D9 F1 59 48 30 21 65 03 6C EC E9 21 73 EC 9B 03 A1 E0 37 AD A0 15 18 8F FA BA 02 CE A7 2C A9 10 13 2C D4 E5 08 26 AB 22 97 60 F8 90 5E 74 D4 A2 9A 53 BD F2 A9 68 E0 A2 6E C2 D7 6C B1 A3 0F 9E BF EB 68 E7 56 F2 AE F2 E3 2B 38 3A 09 81 B5 6B 85 D7 BE 2D ED 3F 1A B7 B2 63 E2 F5 62 2C 82 D4 6A 00 41 50 F1 39 83 9F 95 E9 36 96 98 6E

Signature Hits	Behavior Group	Mitre Attack
Adds / modifies Windows certificates	Lowering of HIPS / PFW / Operating System Security Settings	Disable or Modify Tools

Memdumps

Base Address

Regiontype

Protect

Malicious

125E4BF8000

heap

page read and write

1FC13F20000

heap

page read and write

21DE000

stack

page read and write

40A000

unkown

page read and write

627000

heap

page read and write

1FC2E2B0000

heap

page execute and read and write

7FF848E30000

trusted library allocation

page execute and read and write

2A58FF000

stack

page read and write

1FC2E262000

trusted library section

page read and write

42C000

unkown

page read and write

2500000

trusted library allocation

page execute and read and write

125CA9F5000

heap

page read and write

7FF848F25000

trusted library allocation

page read and write

7FF848F30000

trusted library allocation

page execute and read and write

63E000

heap

page read and write

3C4000

unkown

page readonly

7FF848D53000

trusted library allocation

page execute and read and write

7FF848F60000

trusted library allocation

page execute and read and write

7C0000

heap

page read and write

1FC2E43F000

heap

page read and write

1FC13C70000

unkown

page readonly

2A50FE000

stack

page read and write

7FF848F55000

trusted library allocation

page read and write

1FC15C73000

trusted library allocation

page read and write

408000

unkown

page readonly

90E000

stack

page read and write

7FF848E0C000

trusted library allocation

page execute and read and write

1FC2E600000

heap

page read and write

125DC3A8000

trusted library allocation

page read and write

7FF848F50000

trusted library allocation

page read and write

36E1000

trusted library allocation

page read and write

125CC220000

heap

page read and write

3C0000

unkown

page readonly

1FC2FA10000

heap

page execute and read and write

24B0000

trusted library allocation

page read and write

7FF848D7B000

trusted library allocation

page execute and read and write

CB0000

heap

page read and write

1FC2E429000

heap

page read and write

7FF848D94000

trusted library allocation

page read and write

125CA7B8000

heap

page read and write

A50000

heap

page read and write

1FC15C8A000

trusted library allocation

page read and write

1FC15C96000

trusted library allocation

page read and write

1FC1402E000

heap

page read and write

36E4000

trusted library allocation

page read and write

624000

heap

page read and write

213E000

stack

page read and write

A1576FC000

stack

page read and write

1FC1403B000

heap

page read and write

1FC13FB0000

trusted library allocation

page read and write

1FC2E4B0000

heap

page read and write

449000

unkown

page readonly

1FC308F0000

heap

page read and write

125CC3A1000

trusted library allocation

page read and write

5C0000

heap

page read and write

7FF848D9D000

trusted library allocation

page execute and read and write

1FC15BA2000

trusted library allocation

page read and write

1FC15C36000

trusted library allocation

page read and write

1FC15BE7000

trusted library allocation

page read and write

1FC2FAB2000

unkown

page readonly

125CA9F0000

heap

page read and write

450000

heap

page read and write

7FF848F10000

trusted library allocation

page read and write

A4E000

stack

page read and write

7EF000

stack

page read and write

125CA7BD000

heap

page read and write

440000

unkown

page read and write

1FC15B94000

trusted library allocation

page read and write

1FC15BCF000

trusted library allocation

page read and write

125CA9D0000

trusted library allocation

page read and write

1FC2F64B000

heap

page read and write

1FC15BE4000

trusted library allocation

page read and write

910000

heap

page read and write

125CA770000

heap

page read and write

1FC15C69000

trusted library allocation

page read and write

1FC15A14000

trusted library allocation

page read and write

1FC2E110000

trusted library section

page readonly

CA0000

trusted library allocation

page read and write

1FC2E605000

heap

page read and write

1FC14190000

heap

page read and write

125CA790000

heap

page read and write

A156DB4000

stack

page read and write

7FF848E00000

trusted library allocation

page read and write

1FC13EE0000

heap

page read and write

1FC2E406000

heap

page read and write

249B000

trusted library allocation

page execute and read and write

3705000

trusted library allocation

page read and write

1FC15C6E000

trusted library allocation

page read and write

23D0000

heap

page read and write

2464000

trusted library allocation

page read and write

125CA799000

heap

page read and write

638000

heap

page read and write

A1579FE000

stack

page read and write

1FC13FEA000

heap

page read and write

7FF848E06000

trusted library allocation

page read and write

19A000

stack

page read and write

125E4BF6000

heap

page read and write

1FC13FC0000

heap

page read and write

7FF4E1200000

trusted library allocation

page execute and read and write

7FF848E36000

trusted library allocation

page execute and read and write

2490000

trusted library allocation

page read and write

7FF848D74000

trusted library allocation

page read and write

7FF848E26000

trusted library allocation

page read and write

1FC15C5F000

trusted library allocation

page read and write

1FC14000000

heap

page read and write

63F000

heap

page read and write

1FC14110000

heap

page read and write

7FF848D90000

trusted library allocation

page read and write

1FC15BA8000

trusted library allocation

page read and write

7FF848D54000

trusted library allocation

page read and write

627000

heap

page read and write

1FC15CB5000

trusted library allocation

page read and write

1FC25951000

trusted library allocation

page read and write

1FC2E1E0000

heap

page read and write

1FC15BDB000

trusted library allocation

page read and write

2470000

trusted library allocation

page read and write

431000

unkown

page read and write

633000

heap

page read and write

1FC15B9A000

trusted library allocation

page read and write

5F8000

heap

page read and write

1FC14113000

heap

page read and write

1FC2FD12000

trusted library allocation

page read and write

125CA7CC000

heap

page read and write

1FC15C21000

trusted library allocation

page read and write

7FF848D52000

trusted library allocation

page read and write

1FC13FCC000

heap

page read and write

1FC15B7F000

trusted library allocation

page read and write

1FC13F00000

heap

page read and write

1FC2FCF4000

trusted library allocation

page read and write

1FC2E463000

heap

page read and write

1FC13FA0000

trusted library allocation

page read and write

60C000

heap

page read and write

1FC14150000

heap

page read and write

62B000

heap

page read and write

408000

unkown

page readonly

62B000

heap

page read and write

7FF848D5D000

trusted library allocation

page execute and read and write

2310000

heap

page read and write

7FF848D8D000

trusted library allocation

page execute and read and write

3C2000

unkown

page readonly

5F0000

heap

page read and write

23D4000

heap

page read and write

A1574FE000

stack

page read and write

65C000

stack

page read and write

1FC2F654000

heap

page read and write

1FC15BD5000

trusted library allocation

page read and write

7FF848F10000

trusted library allocation

page read and write

5BE000

stack

page read and write

1FC14059000

heap

page read and write

25D0000

heap

page read and write

291F000

stack

page read and write

1FC25941000

trusted library allocation

page read and write

125CC390000

heap

page execute and read and write

4A0000

heap

page read and write

1FC15BC8000

trusted library allocation

page read and write

125CA5B0000

unkown

page readonly

40A000

unkown

page write copy

7FF848D60000

trusted library allocation

page read and write

125E4BC0000

heap

page read and write

1FC14195000

heap

page read and write

91E000

heap

page read and write

759000

stack

page read and write

125CA9B0000

trusted library allocation

page read and write

1FC15C2A000

trusted library allocation

page read and write

C5E000

stack

page read and write

A1572FF000

stack

page read and write

125E4BD0000

heap

page read and write

7FF848F20000

trusted library allocation

page read and write

1FC14120000

heap

page execute and read and write

125DC3AD000

trusted library allocation

page read and write

2A51FE000

stack

page read and write

4B90000

heap

page read and write

1FC14038000

heap

page read and write

24FE000

stack

page read and write

1FC15C64000

trusted library allocation

page read and write

1FC2E4ED000

heap

page read and write

1FC2F710000

trusted library allocation

page read and write

7FF848D50000

trusted library allocation

page read and write

125CC480000

trusted library allocation

page read and write

125CAA00000

heap

page read and write

A1578FE000

stack

page read and write

A1573FC000

stack

page read and write

1FC15C58000

trusted library allocation

page read and write

1FC2E1C0000

trusted library allocation

page read and write

1FC13C72000

unkown

page readonly

7FF848D74000

trusted library allocation

page read and write

400000

unkown

page readonly

7FF848D6D000

trusted library allocation

page execute and read and write

8C5000

heap

page read and write

1FC2F646000

heap

page read and write

7FF848EF0000

trusted library allocation

page read and write

7FF848E90000

trusted library allocation

page execute and read and write

1FC30FF9000

heap

page read and write

7FF848E70000

trusted library allocation

page execute and read and write

1FC2FAB0000

unkown

page readonly

248A000

trusted library allocation

page execute and read and write

1FC15BEE000

trusted library allocation

page read and write

1FC15CB2000

trusted library allocation

page read and write

125CC250000

heap

page read and write

125CA7CA000

heap

page read and write

C60000

heap

page read and write

7FF848D73000

trusted library allocation

page execute and read and write

1FC15C3F000

trusted library allocation

page read and write

1FC2FB28000

unkown

page readonly

638000

heap

page read and write

125CA7BA000

heap

page read and write

125DC3B1000

trusted library allocation

page read and write

1FC1403E000

heap

page read and write

2474000

trusted library allocation

page read and write

25C0000

trusted library allocation

page read and write

49E000

stack

page read and write

98000

stack

page read and write

7FF848E56000

trusted library allocation

page execute and read and write

125CA7FA000

heap

page read and write

2A55FF000

stack

page read and write

915000

heap

page read and write

7FF848D63000

trusted library allocation

page read and write

125CA750000

heap

page read and write

7FF848F00000

trusted library allocation

page read and write

21E0000

heap

page read and write

1FC15C14000

trusted library allocation

page read and write

1FC14003000

heap

page read and write

60F000

heap

page read and write

1FC15941000

trusted library allocation

page read and write

2A59FE000

stack

page read and write

8A0000

heap

page read and write

1FC13E00000

heap

page read and write

1FC15BF6000

trusted library allocation

page read and write

7FF848E20000

trusted library allocation

page read and write

26DF000

stack

page read and write

2320000

heap

page read and write

2A56FE000

stack

page read and write

1FC13F75000

heap

page read and write

1FC2E2B6000

heap

page execute and read and write

22EF000

stack

page read and write

1FC15C0F000

trusted library allocation

page read and write

638000

heap

page read and write

125CC240000

heap

page read and write

7FF848F20000

trusted library allocation

page read and write

952000

heap

page read and write

125CAA05000

heap

page read and write

1FC13FB3000

trusted library allocation

page read and write

125CA740000

heap

page read and write

1FC15BB1000

trusted library allocation

page read and write

125DC3A1000

trusted library allocation

page read and write

1FC2E4C0000

heap

page read and write

125CA7CF000

heap

page read and write

400000

unkown

page readonly

A1577FE000

stack

page read and write

1FC2E3D3000

heap

page read and write

93E000

heap

page read and write

1FC15C2F000

trusted library allocation

page read and write

7FF848D83000

trusted library allocation

page read and write

2A54FF000

stack

page read and write

7FF848E10000

trusted library allocation

page execute and read and write

1FC15BB7000

trusted library allocation

page read and write

2A4D34000

stack

page read and write

8C0000

heap

page read and write

125E4C0D000

heap

page read and write

125CC1E0000

heap

page execute and read and write

946000

heap

page read and write

7FF848D80000

trusted library allocation

page read and write

1FC15C27000

trusted library allocation

page read and write

125CA960000

heap

page read and write

1FC13F80000

trusted library allocation

page read and write

281F000

stack

page read and write

B5F000

stack

page read and write

2A52FF000

stack

page read and write

449000

unkown

page readonly

8EF000

stack

page read and write

1FC13D38000

unkown

page readonly

401000

unkown

page execute read

1FC13F70000

heap

page read and write

1FC15C4B000

trusted library allocation

page read and write

1FC2E402000

heap

page read and write

2497000

trusted library allocation

page execute and read and write

1FC15AA7000

trusted library allocation

page read and write

471E000

stack

page read and write

1FC2E481000

heap

page read and write

1FC15C49000

trusted library allocation

page read and write

1FC14030000

heap

page read and write

1FC2E3B0000

heap

page read and write

1FC15BBF000

trusted library allocation

page read and write

26E1000

trusted library allocation

page read and write

7FF848D88000

trusted library allocation

page read and write

20FE000

stack

page read and write

1FC15B9C000

trusted library allocation

page read and write

42F000

unkown

page read and write

2A57FF000

stack

page read and write

91A000

heap

page read and write

910000

heap

page read and write

2463000

trusted library allocation

page execute and read and write

7FF848D7D000

trusted library allocation

page execute and read and write

7FF848DCC000

trusted library allocation

page execute and read and write

2A53FD000

stack

page read and write

1FC2E1A0000

heap

page read and write

401000

unkown

page execute read

125CC243000

heap

page read and write

7FF848F40000

trusted library allocation

page execute and read and write

641000

heap

page read and write

7FF848E2C000

trusted library allocation

page execute and read and write

1FC140E0000

heap

page read and write

632000

heap

page read and write

1FC2F610000

heap

page read and write

481E000

stack

page read and write

2510000

heap

page execute and read and write

1FC2F63F000

heap

page read and write

7FF848DAC000

trusted library allocation

page execute and read and write

7FF848D7D000

trusted library allocation

page execute and read and write

7FF848D70000

trusted library allocation

page read and write

1FC2E44A000

heap

page read and write

There are 301 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.FileRepMalware.16359.15944.exe

Files

Processes

URLs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.FileRepMalware.16359.15944.exe

Files

Processes

URLs

Registry

Memdumps

IOC Report
SecuriteInfo.com.FileRepMalware.16359.15944.exe