Automated Malware Analysis IOC Report for

Files

File Path

Type

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\skuld3.exe

"C:\Users\user\Desktop\skuld3.exe"

C:\Windows\System32\attrib.exe

attrib +h +s C:\Users\user\Desktop\skuld3.exe

C:\Windows\System32\attrib.exe

attrib +h +s C:\Users\user\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe

C:\Users\user\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe

"C:\Users\user\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe"

C:\Windows\System32\fodhelper.exe

fodhelper

C:\Windows\System32\fodhelper.exe

"C:\Windows\system32\fodhelper.exe"

C:\Windows\System32\fodhelper.exe

"C:\Windows\system32\fodhelper.exe"

C:\Users\user\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe

"C:\Users\user\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe"

C:\Users\user\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe

"C:\Users\user\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe"

C:\Windows\System32\fodhelper.exe

fodhelper

C:\Windows\System32\fodhelper.exe

"C:\Windows\system32\fodhelper.exe"

C:\Windows\System32\fodhelper.exe

"C:\Windows\system32\fodhelper.exe"

C:\Users\user\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe

"C:\Users\user\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe"

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\wbem\WMIC.exe

wmic csproduct get UUID

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

cmd.exe /C fodhelper

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\cmd.exe

cmd.exe /C fodhelper

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

There are 11 hidden processes, click here to show them.

URLs

Name

Malicious

https://api.ipify.org/

104.26.13.205

https://api.ipify.org/-DisableIOAVProtection-DisableScriptScanning%s

unknown

https://discordapp.com/api/webhooks/1293231846204903474/NlFoQQli1eEBiZ1mTgA4lGWcgDGUPQu-TH2KjA0djnkL

unknown

https://github.com/hackirby/wallets-injection/raw/main/atomic.asarhttps://github.com/hackirby/wallet

unknown

https://raw.githubusercontent.com/hackirby/discord-injection/main/injection.js1157920892103562487626

unknown

https://avatars.githubusercontent.com/u/145487845?v=4sqlite:

unknown

https://api.gofile.io/getServerhttps://%s.gofile.io/uploadFilesql:

unknown

https://i.ibb.co/GFZ2tHJ/shakabaiano-1674282487.jpgJSON

unknown

http://ip-api.com/json

unknown

https://discord.com/api/v9/users/

unknown

http://ip-api.com/line/?fields=hosting

208.95.112.1

There are 1 hidden URLs, click here to show them.

Domains

Name

Malicious

api.ipify.org

104.26.13.205

Details

Name:	api.ipify.org
IP:	104.26.13.205
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Found many strings related to Crypto-Wallets (likely being stolen)	Stealing of Sensitive Information	Data from Local System
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

ip-api.com

208.95.112.1

Details

Name:	ip-api.com
IP:	208.95.112.1
TargetID:	-1
Active:	true

Signature Hits	Behavior Group	Mitre Attack
Check if machine is in data center or colocation facility	Malware Analysis System Evasion	Security Software Discovery
May check the online IP address of the machine	Networking	System Network Configuration Discovery
Downloads files from webservers via HTTP	Networking	Application Layer Protocol Non-Application Layer Protocol Ingress Tool Transfer
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
URLs found in memory or binary data	Networking

IPs

Domain

Country

Malicious

208.95.112.1

ip-api.com

United States

104.26.13.205

api.ipify.org

United States

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Value name:	Blob
Value data:	04 00 00 00 01 00 00 00 10 00 00 00 0A 0A 18 29 36 E6 C3 DF 7F A3 4D 0F FD 41 5E 22 14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24 E5 8D 98 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8

Blob

Details

TargetID:	0
Path:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
Value name:	Blob
Value data:	5C 00 00 00 01 00 00 00 04 00 00 00 00 10 00 00 19 00 00 00 01 00 00 00 10 00 00 00 49 50 8B 6C BE 29 D8 39 31 16 93 FA 24 E5 8D 98 0F 00 00 00 01 00 00 00 14 00 00 00 71 75 75 34 54 C2 98 2E 84 ED 48 F5 B4 EE 52 48 7F 4A 37 CD 03 00 00 00 01 00 00 00 14 00 00 00 3F 72 8A 35 DE 52 B2 C8 99 4A 4F B1 01 A0 3B 95 E8 7B 06 C8 14 00 00 00 01 00 00 00 14 00 00 00 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 04 00 00 00 01 00 00 00 10 00 00 00 0A 0A 18 29 36 E6 C3 DF 7F A3 4D 0F FD 41 5E 22 20 00 00 00 01 00 00 00 FD 05 00 00 30 82 05 F9 30 82 03 E1 A0 03 02 01 02 02 09 00 D2 1E F1 F6 E3 4F 6B B8 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 1E 17 0D 31 35 30 33 31 37 31 34 31 36 33 38 5A 17 0D 34 35 30 33 30 39 31 34 31 36 33 38 5A 30 81 92 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 0C 0A 43 61 6C 69 66 6F 72 6E 69 61 31 16 30 14 06 03 55 04 07 0C 0D 53 61 6E 20 46 72 61 6E 63 69 73 63 6F 31 2A 30 28 06 03 55 04 0A 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 31 2A 30 28 06 03 55 04 03 0C 21 54 68 65 20 55 6E 69 76 65 72 73 65 20 53 65 63 75 72 69 74 79 20 43 6F 6D 70 61 6E 79 20 4C 74 64 30 82 02 22 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 82 02 0F 00 30 82 02 0A 02 82 02 01 00 AE 85 81 A8 AB 4F 18 6F B8 FF D9 66 4D B0 3F E7 A3 06 9B 8D 6E 32 30 46 84 32 00 D0 A2 58 15 E3 83 1A 98 23 89 66 FA DC CF E9 B3 3F 7A 15 85 38 42 6D A3 6A 64 14 CB 41 56 ED FE 59 95 38 F1 FA AB E9 4B 06 52 B7 83 58 97 69 5A 3D 75 98 98 9F CE ED 1D 79 20 30 90 20 F1 57 23 2F 00 62 F2 FE BD 48 D8 62 D9 25 72 A2 12 C8 7A 04 2F A5 E3 74 75 DD 7A 1C 60 40 6B 37 C3 D8 4F 7D C1 E7 68 97 5E 36 08 A8 1C 35 78 81 AF A7 4E B4 88 D0 AB 10 74 03 CB 8C 9B AC 63 27 B9 DC 75 E6 6B 5D 32 18 95 0B FD 03 C5 66 DF C6 57 65 56 E9 77 31 59 42 23 46 2D 2A 03 7B 32 C5 3B AB C6 6A 2F B5 48 7F 9E 7A 61 60 40 DA AA 16 B4 38 26 8D B3 71 4A 6D 28 4A 21 0E 26 DA D0 30 B3 FA 74 3E CF EF 28 24 47 39 B8 EE 10 06 5A 65 67 F2 37 66 D9 57 26 A4 2A 9B DF A0 37 5D C0 ED 65 59 F9 E9 E6 F8 8E A7 AE 3A F4 72 E5 F8 62 BB B5 97 A7 A0 1C 32 5B 35 14 43 53 6B C4 C9 E8 3E 21 61 8C 3C 3F CE 4A 14 8B DA 41 39 D1 C5 E3 34 A3 C4 44 0C 5D BB 0D 78 E8 31 BE 4A A9 CF B3 D5 12 21 AE 6D 28 4C 86 98 E4 0A 99 81 BF 98 11 99 86 28 AB EB 15 EF A9 50 B9 43 AE B1 03 69 06 63 6D 11 93 D9 C0 FB 97 FE 0A F5 CD 4F 10 90 9E 19 FB 6F 66 44 0C 50 20 B1 A3 A7 27 45 15 FA C9 45 20 EA B9 DF CE C6 E4 61 4F 08 09 FA 5D 13 8F 03 FB DA 95 85 E0 5C BC 2D A9 CC 8E BA 76 B9 6A 80 2E 69 74 62 19 28 02 EC 60 11 A6 0F 64 C2 FF 9B 5E 7D 0F F1 D4 6B 4D FD 99 BB C1 3D 05 DE 6E F2 B2 CE 1F 51 A5 E3 43 D1 E7 24 76 36 2F 9A 02 0D DA 34 A6 2D E0 1D 22 14 C5 7E FD B7 0F 31 B1 4A D0 AA A7 73 57 C5 C2 63 D8 C3 2F 37 39 12 BF C0 91 F7 AC A6 AB 48 ED 82 4B C7 4D 30 06 EA 6C A7 C2 B1 A1 09 02 96 6A 3D 02 03 01 00 01 A3 50 30 4E 30 1D 06 03 55 1D 0E 04 16 04 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 1F 06 03 55 1D 23 04 18 30 16 80 14 BB 3B 3F AA 10 70 C8 55 F7 24 E9 3B FD 32 19 F4 F6 11 6B 3A 30 0C 06 03 55 1D 13 04 05 30 03 01 01 FF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 02 01 00 48 3C 18 2B 72 E4 57 52 A8 95 35 C6 A1 73 71 20 85 20 94 FF 55 E7 1B 02 9C 05 C8 31 F8 85 B2 79 BE B2 47 55 74 E0 55 70 6B 17 24 9F 0B 6A 92 FE 41 04 22 4F 25 F4 5C DA 25 EF A9 32 CD CC 57 AD 88 5B 56 14 5F 7A 38 02 D3 18 23 8D A5 D8 FB 9F 43 A3 1A 68 2E 42 06 72 26 01 A2 EB DB AF 70 2E 57 12 35 7C B2 A1 EF AB 12 E0 81 55 84 37 C8 FD 95 AE DE 58 60 40 52 A1 C7 75 18 A1 2F 92 5A C0 AB C9 1B A7 17 19 4E 4D D8 53 FB C6 C3 7C 33 53 51 5B 3A 64 31 60 A4 B3 07 72 D7 39 1A F9 8A A2 70 E4 B4 D6 BF 6A AD 24 76 74 CE C7 EA 87 3E 28 6C EF 08 09 4F 79 FB CF 77 FF FA F8 77 04 4A 30 90 5B 27 11 5C 79 60 60 64 1A CB 6E 2C 5E 1C B0 53 AC 28 4A 8B 8B DF AE 01 41 D2 12 3F 7B 22 54 D2 8E 3C C4 A1 FF 4A 6C D3 1B EB 1D 35 94 14 F5 79 44 BE C2 E6 93 9B BA 4D D0 81 94 E9 25 BE 43 FC 2C 92 E5 CA DC 5D 9D CF CA 8B CF 0C E0 3D 29 21 44 4A C0 19 F4 F3 D5 7E F5 74 35 2B FC DF A3 F7 3C C5 D6 7A 7A 0B B6 2B C7 BF F9 8F 6E B5 56 44 0F A9 45 80 9F 88 21 82 99 2C DC 85 DA 25 65 55 ED D3 1C 36 4E D6 63 46 68 AF 6C 87 5C C5 F6 89 C2 E1 70 F4 87 0F F1 DE F0 8E 72 E4 CA CB 83 2B CD B1 7A 54 41 AF 97 38 DF F7 EA 8C 7A B2 D1 1B E9 E9 D3 BF 41 0F 21 F0 AA 8D 95 B6 CD 91 90 DF 71 E7 72 96 9D 3F 18 B9 98 8C CE 15 45 99 83 FB BD 61 4E AD 63 36 71 86 5D BD A3 17 61 6F 31 57 A4 25 3D ED 24 6A 9E 94 E0 D8 67 F0 17 12 86 B7 4E 65 93 A6 BD 8A 2A 06 6B EC 0F DE E0 B5 9C A0 AF D5 A4 32 A2 70 75 A1 02 A9 7F 85 D9 39 38 80 BB 41 A6 0F A3 8D 1F F1 66 E0 04 B3 A2 88 03 8B A7 AF E1 A1 60 95 F6 CB 76 12 C8 51 83 1E 14 E2 0B B5 6C F1 4B 96 21 F9 DE AA B2 CD 71 B8 63

Signature Hits	Behavior Group	Mitre Attack
Installs new ROOT certificates	Persistence and Installation Behavior	Install Root Certificate
Stores large binary data to the registry	Hooking and other Techniques for Hiding and Protection	Modify Registry

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr

EnableCounterForIoctl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Realtek HD Audio Universal Service

Details

TargetID:	0
Path:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value name:	Realtek HD Audio Universal Service
Value data:	C:\Users\user\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: CurrentVersion Autorun Keys Modification	System Summary
Creates an autostart registry key	Boot Survival	Registry Run Keys / Startup Folder

HKEY_CURRENT_USER_Classes\ms-settings\shell\open\command

NULL

HKEY_CURRENT_USER_Classes\ms-settings\shell\open\command

DelegateExecute

HKEY_CURRENT_USER_Classes\ms-settings\shell\open\command

NULL

HKEY_CURRENT_USER_Classes\ms-settings\shell\open\command

DelegateExecute

Memdumps

Base Address

Regiontype

Protect

Malicious

941000

unkown

page execute and read and write

D71000

unkown

page execute and read and write

D71000

unkown

page execute and read and write

D71000

unkown

page execute and read and write

D71000

unkown

page execute and read and write

C00021A000

direct allocation

page read and write

229FA855000

heap

page read and write

C000198000

direct allocation

page read and write

C0000C8000

direct allocation

page read and write

C000080000

direct allocation

page read and write

1986B240000

heap

page read and write

C000194000

direct allocation

page read and write

C0001B6000

direct allocation

page read and write

229D3BB0000

heap

page read and write

C000168000

direct allocation

page read and write

C00002A000

direct allocation

page read and write

2CB3F340000

heap

page read and write

AD4F9FF000

stack

page read and write

19871F00000

direct allocation

page read and write

C000184000

direct allocation

page read and write

C00023E000

direct allocation

page read and write

223DC809000

heap

page read and write

C000204000

direct allocation

page read and write

C0000BC000

direct allocation

page read and write

1D726830000

heap

page read and write

229FAF33000

heap

page read and write

C00002C000

direct allocation

page read and write

C00007E000

direct allocation

page read and write

223DC050000

heap

page read and write

C000008000

direct allocation

page read and write

C000041000

direct allocation

page read and write

19871F50000

direct allocation

page read and write

1F43DE10000

direct allocation

page read and write

172B000

unkown

page execute and read and write

223DC0C9000

heap

page read and write

C0001D6000

direct allocation

page read and write

223DC0AF000

heap

page read and write

223DC0A1000

heap

page read and write

C000092000

direct allocation

page read and write

223DC7F8000

heap

page read and write

C0000AA000

direct allocation

page read and write

C00003F000

direct allocation

page read and write

C00018A000

direct allocation

page read and write

223DC0A3000

heap

page read and write

C0001CE000

direct allocation

page read and write

177B000

unkown

page execute and read and write

229D3BFC000

heap

page read and write

525AB7E000

stack

page read and write

C000116000

direct allocation

page read and write

1F4630F1000

direct allocation

page read and write

FD6D9FE000

stack

page read and write

2CB3F330000

direct allocation

page read and write

C000012000

direct allocation

page read and write

223DC812000

heap

page read and write

C000064000

direct allocation

page read and write

C00014A000

direct allocation

page read and write

9A605FF000

stack

page read and write

C0001CA000

direct allocation

page read and write

9316E7E000

stack

page read and write

C00020E000

direct allocation

page read and write

C00016E000

direct allocation

page read and write

17B7000

unkown

page write copy

C000010000

direct allocation

page read and write

C0001AC000

direct allocation

page read and write

C00003F000

direct allocation

page read and write

1770000

unkown

page execute and read and write

223DC322000

heap

page read and write

C000150000

direct allocation

page read and write

C0001B6000

direct allocation

page read and write

C0001C8000

direct allocation

page read and write

1D581E40000

heap

page read and write

C000054000

direct allocation

page read and write

148C000

unkown

page execute and write copy

5E29BFC000

stack

page read and write

C0000F0000

direct allocation

page read and write

C000010000

direct allocation

page read and write

FD6DBFF000

stack

page read and write

21F79500000

direct allocation

page read and write

1D724C20000

heap

page read and write

C000010000

direct allocation

page read and write

C000086000

direct allocation

page read and write

9A5F9CE000

stack

page read and write

C000144000

direct allocation

page read and write

21F7ADD0000

heap

page read and write

229FAF30000

heap

page read and write

C00011A000

direct allocation

page read and write

229F8FC0000

direct allocation

page read and write

C000076000

direct allocation

page read and write

229D3BF6000

heap

page read and write

C000200000

direct allocation

page read and write

C00014C000

direct allocation

page read and write

223DC320000

heap

page read and write

C000060000

direct allocation

page read and write

525AA7F000

stack

page read and write

FD6E1FE000

stack

page read and write

C000060000

direct allocation

page read and write

C0000EA000

direct allocation

page read and write

21F7AE00000

heap

page read and write

5E295FC000

stack

page read and write

C0000AC000

direct allocation

page read and write

223DC0BA000

heap

page read and write

C00003A000

direct allocation

page read and write

C00019A000

direct allocation

page read and write

229D3BFC000

heap

page read and write

1986B2A0000

heap

page read and write

223DC809000

heap

page read and write

C00015E000

direct allocation

page read and write

C000062000

direct allocation

page read and write

C000204000

direct allocation

page read and write

C000144000

direct allocation

page read and write

223DC0C7000

heap

page read and write

C000208000

direct allocation

page read and write

C0001A0000

direct allocation

page read and write

C00012E000

direct allocation

page read and write

17B7000

unkown

page write copy

C000002000

direct allocation

page read and write

C0001C8000

direct allocation

page read and write

D70000

unkown

page readonly

21F342C0000

direct allocation

page read and write

C000168000

direct allocation

page read and write

C000131000

direct allocation

page read and write

C0001D6000

direct allocation

page read and write

C000176000

direct allocation

page read and write

C0000C2000

direct allocation

page read and write

5E293FB000

stack

page read and write

C000002000

direct allocation

page read and write

C00000C000

direct allocation

page read and write

C000114000

direct allocation

page read and write

C000002000

direct allocation

page read and write

C0001CC000

direct allocation

page read and write

C0001B8000

direct allocation

page read and write

C00018C000

direct allocation

page read and write

C0001BC000

direct allocation

page read and write

C00005A000

direct allocation

page read and write

999A1F9000

stack

page read and write

19871F20000

direct allocation

page read and write

C0001D4000

direct allocation

page read and write

223DC0C6000

heap

page read and write

223DC150000

heap

page read and write

C000166000

direct allocation

page read and write

C000051000

direct allocation

page read and write

C00001E000

direct allocation

page read and write

C00000A000

direct allocation

page read and write

223DC323000

heap

page read and write

5E28FFE000

stack

page read and write

C000080000

direct allocation

page read and write

C000051000

direct allocation

page read and write

229D3BE9000

heap

page read and write

C000056000

direct allocation

page read and write

223DC7F2000

heap

page read and write

C00000A000

direct allocation

page read and write

C00003A000

direct allocation

page read and write

C00018A000

direct allocation

page read and write

C00015A000

direct allocation

page read and write

223DC0AF000

heap

page read and write

C000004000

direct allocation

page read and write

C000014000

direct allocation

page read and write

15043FF000

stack

page read and write

C00000E000

direct allocation

page read and write

1742000

unkown

page execute and read and write

C000078000

direct allocation

page read and write

C00017E000

direct allocation

page read and write

C0001BC000

direct allocation

page read and write

198706B0000

heap

page read and write

223DC0A1000

heap

page read and write

C0001FE000

direct allocation

page read and write

223DC0C3000

heap

page read and write

D70000

unkown

page readonly

C00015A000

direct allocation

page read and write

C00005A000

direct allocation

page read and write

1319000

unkown

page execute and read and write

C00003F000

direct allocation

page read and write

C0001C6000

direct allocation

page read and write

C000016000

direct allocation

page read and write

1D724F20000

heap

page read and write

223DE08E000

heap

page read and write

21F79581000

direct allocation

page read and write

C000120000

direct allocation

page read and write

C000064000

direct allocation

page read and write

C00021C000

direct allocation

page read and write

C00004F000

direct allocation

page read and write

C000186000

direct allocation

page read and write

C000146000

direct allocation

page read and write

C000109000

direct allocation

page read and write

2CB3F448000

direct allocation

page read and write

223DC7EC000

heap

page read and write

1742000

unkown

page execute and read and write

1742000

unkown

page execute and read and write

5E28DCE000

stack

page read and write

17AC000

unkown

page execute and read and write

172B000

unkown

page execute and read and write

223DC270000

trusted library allocation

page read and write

C0001BE000

direct allocation

page read and write

223DC81A000

heap

page read and write

C0001AA000

direct allocation

page read and write

C00000E000

direct allocation

page read and write

17B7000

unkown

page read and write

C000164000

direct allocation

page read and write

229D3BF2000

heap

page read and write

C00005A000

direct allocation

page read and write

C000004000

direct allocation

page read and write

2CB65F40000

heap

page read and write

1F43DE18000

direct allocation

page read and write

C000116000

direct allocation

page read and write

C000124000

direct allocation

page read and write

C00002A000

direct allocation

page read and write

C00020A000

direct allocation

page read and write

C0001B2000

direct allocation

page read and write

2CB646B1000

direct allocation

page read and write

223DC7F0000

heap

page read and write

C000192000

direct allocation

page read and write

C0000E4000

direct allocation

page read and write

C000156000

direct allocation

page read and write

C00002A000

direct allocation

page read and write

C000000000

direct allocation

page read and write

C000176000

direct allocation

page read and write

2CB3F34C000

heap

page read and write

223DC327000

heap

page read and write

C00018C000

direct allocation

page read and write

C000098000

direct allocation

page read and write

223DC7ED000

heap

page read and write

C000120000

direct allocation

page read and write

C0001DE000

direct allocation

page read and write

C000078000

direct allocation

page read and write

223DC0CF000

heap

page read and write

223DC0C7000

heap

page read and write

C000170000

direct allocation

page read and write

223DC058000

heap

page read and write

1312000

unkown

page execute and read and write

C00015E000

direct allocation

page read and write

C00011E000

direct allocation

page read and write

C000074000

direct allocation

page read and write

C00000C000

direct allocation

page read and write

1F43DC20000

heap

page read and write

525AAFE000

stack

page read and write

229D3C3F000

heap

page read and write

C0001BA000

direct allocation

page read and write

C00018E000

direct allocation

page read and write

21F341C0000

heap

page read and write

C00007A000

direct allocation

page read and write

C000056000

direct allocation

page read and write

C00002C000

direct allocation

page read and write

C00025C000

direct allocation

page read and write

FD6DFFE000

stack

page read and write

C000114000

direct allocation

page read and write

223DC7F0000

heap

page read and write

C00014A000

direct allocation

page read and write

1749000

unkown

page execute and read and write

C0000BE000

direct allocation

page read and write

2CB66080000

heap

page read and write

1D581E60000

heap

page read and write

C00002C000

direct allocation

page read and write

223DC0C7000

heap

page read and write

AD4F7FF000

stack

page read and write

999A17E000

stack

page read and write

21F340B0000

heap

page read and write

223DC327000

heap

page read and write

C000182000

direct allocation

page read and write

C0000BA000

direct allocation

page read and write

525ABFF000

stack

page read and write

229FA7B0000

direct allocation

page read and write

1F43DE14000

direct allocation

page read and write

C00009E000

direct allocation

page read and write

C00011E000

direct allocation

page read and write

C000002000

direct allocation

page read and write

C00005E000

direct allocation

page read and write

17B5000

unkown

page execute and write copy

C000130000

direct allocation

page read and write

223DC7E8000

heap

page read and write

21F342C8000

direct allocation

page read and write

1F4648E0000

direct allocation

page read and write

223DC7EE000

heap

page read and write

C00000C000

direct allocation

page read and write

223DC32B000

heap

page read and write

C000202000

direct allocation

page read and write

1504DFF000

stack

page read and write

21F341E2000

heap

page read and write

C000178000

direct allocation

page read and write

223DC230000

heap

page read and write

C0001A8000

direct allocation

page read and write

C000018000

direct allocation

page read and write

C000150000

direct allocation

page read and write

C00000A000

direct allocation

page read and write

223DC32A000

heap

page read and write

1770000

unkown

page execute and read and write

C000060000

direct allocation

page read and write

223DE096000

heap

page read and write

C0001D2000

direct allocation

page read and write

223DC809000

heap

page read and write

223DC250000

heap

page read and write

223DC2F0000

heap

page read and write

C000064000

direct allocation

page read and write

1D724BE0000

heap

page read and write

C000004000

direct allocation

page read and write

931717C000

stack

page read and write

1F43DD1D000

heap

page read and write

C000004000

direct allocation

page read and write

C00000E000

direct allocation

page read and write

C00001A000

direct allocation

page read and write

525A7BF000

stack

page read and write

C000180000

direct allocation

page read and write

C00005E000

direct allocation

page read and write

C000190000

direct allocation

page read and write

C0001AE000

direct allocation

page read and write

C000008000

direct allocation

page read and write

C000104000

direct allocation

page read and write

C000051000

direct allocation

page read and write

C0000E6000

direct allocation

page read and write

172B000

unkown

page execute and read and write

C00024A000

direct allocation

page read and write

223DC35E000

heap

page read and write

C00020C000

direct allocation

page read and write

C0001CA000

direct allocation

page read and write

C000248000

direct allocation

page read and write

C00002F000

direct allocation

page read and write

21F79520000

heap

page read and write

1340000

unkown

page execute and read and write

17AC000

unkown

page execute and read and write

C000184000

direct allocation

page read and write

C000066000

direct allocation

page read and write

198706D1000

direct allocation

page read and write

C0001DA000

direct allocation

page read and write

17B5000

unkown

page execute and write copy

19871FA0000

heap

page read and write

1986B26A000

direct allocation

page read and write

C000016000

direct allocation

page read and write

C000152000

direct allocation

page read and write

C000044000

direct allocation

page read and write

223DC067000

heap

page read and write

C00003F000

direct allocation

page read and write

C00011E000

direct allocation

page read and write

229D3C12000

heap

page read and write

AD4F5CE000

stack

page read and write

C000056000

direct allocation

page read and write

C000096000

direct allocation

page read and write

1986B2A8000

heap

page read and write

223DC0AE000

heap

page read and write

17AC000

unkown

page execute and read and write

C00019C000

direct allocation

page read and write

C0000A2000

direct allocation

page read and write

C000206000

direct allocation

page read and write

19872040000

heap

page read and write

C000044000

direct allocation

page read and write

C0001BC000

direct allocation

page read and write

C0001A2000

direct allocation

page read and write

C000156000

direct allocation

page read and write

223DC0BA000

heap

page read and write

229FA850000

heap

page read and write

C000194000

direct allocation

page read and write

229F8F81000

direct allocation

page read and write

229D3B18000

direct allocation

page read and write

223DC7F5000

heap

page read and write

223DC0CF000

heap

page read and write

223DC0B2000

heap

page read and write

C000016000

direct allocation

page read and write

C000056000

direct allocation

page read and write

C00018A000

direct allocation

page read and write

C000080000

direct allocation

page read and write

2CB65EE0000

direct allocation

page read and write

C00014E000

direct allocation

page read and write

15047FE000

stack

page read and write

C000000000

direct allocation

page read and write

223DC0C3000

heap

page read and write

C0000C4000

direct allocation

page read and write

C000018000

direct allocation

page read and write

C0001C2000

direct allocation

page read and write

C000000000

direct allocation

page read and write

C000012000

direct allocation

page read and write

C000120000

direct allocation

page read and write

C000164000

direct allocation

page read and write

2CB65F20000

direct allocation

page read and write

1F4648F0000

direct allocation

page read and write

C000188000

direct allocation

page read and write

229D3BFE000

heap

page read and write

12FB000

unkown

page execute and read and write

C000168000

direct allocation

page read and write

D70000

unkown

page readonly

C000054000

direct allocation

page read and write

C00005E000

direct allocation

page read and write

C00000C000

direct allocation

page read and write

223DE084000

heap

page read and write

C000046000

direct allocation

page read and write

223DC815000

heap

page read and write

223DC0C3000

heap

page read and write

C000186000

direct allocation

page read and write

C000206000

direct allocation

page read and write

C000222000

direct allocation

page read and write

15049FF000

stack

page read and write

C000018000

direct allocation

page read and write

1F464980000

heap

page read and write

C000064000

direct allocation

page read and write

C000120000

direct allocation

page read and write

177B000

unkown

page execute and read and write

223DE08D000

heap

page read and write

C000146000

direct allocation

page read and write

C000182000

direct allocation

page read and write

C000014000

direct allocation

page read and write

C0001AE000

direct allocation

page read and write

C0001C0000

direct allocation

page read and write

C00005C000

direct allocation

page read and write

C000072000

direct allocation

page read and write

229D3BE0000

heap

page read and write

C00007A000

direct allocation

page read and write

C000162000

direct allocation

page read and write

AD4FBFF000

stack

page read and write

223DC0B4000

heap

page read and write

C0001B6000

direct allocation

page read and write

999A27B000

stack

page read and write

C0001B4000

direct allocation

page read and write

999A0FE000

stack

page read and write

C0001B2000

direct allocation

page read and write

137C000

unkown

page execute and read and write

C000046000

direct allocation

page read and write

C000088000

direct allocation

page read and write

C00002C000

direct allocation

page read and write

C00015C000

direct allocation

page read and write

FD6D7CE000

stack

page read and write

C000120000

direct allocation

page read and write

C000160000

direct allocation

page read and write

21F341CB000

heap

page read and write

C000246000

direct allocation

page read and write

C00020A000

direct allocation

page read and write

C00001A000

direct allocation

page read and write

223DC0B7000

heap

page read and write

C0000B8000

direct allocation

page read and write

93170FE000

stack

page read and write

1F43DD10000

heap

page read and write

223DE081000

heap

page read and write

5E29DFF000

stack

page read and write

C0001C8000

direct allocation

page read and write

223DC2A0000

heap

page read and write

C0000C6000

direct allocation

page read and write

C000116000

direct allocation

page read and write

C0001EC000

direct allocation

page read and write

C000012000

direct allocation

page read and write

C000184000

direct allocation

page read and write

223DC813000

heap

page read and write

C000150000

direct allocation

page read and write

1F463090000

heap

page read and write

223DC7E0000

heap

page read and write

9A601FF000

stack

page read and write

C00001A000

direct allocation

page read and write

229FA7E0000

direct allocation

page read and write

1986B264000

direct allocation

page read and write

C00007E000

direct allocation

page read and write

C000051000

direct allocation

page read and write

C000148000

direct allocation

page read and write

1742000

unkown

page execute and read and write

940000

unkown

page readonly

C000118000

direct allocation

page read and write

C000044000

direct allocation

page read and write

C000170000

direct allocation

page read and write

C000122000

direct allocation

page read and write

AD4FFFF000

stack

page read and write

223DC0A1000

heap

page read and write

2CB65F00000

direct allocation

page read and write

1F463070000

direct allocation

page read and write

C00000A000

direct allocation

page read and write

C000062000

direct allocation

page read and write

1D724F25000

heap

page read and write

1387000

unkown

page write copy

223DC0B1000

heap

page read and write

C00016E000

direct allocation

page read and write

93171FE000

stack

page read and write

21F342C4000

direct allocation

page read and write

C000138000

direct allocation

page read and write

C0000FE000

direct allocation

page read and write

223DC325000

heap

page read and write

C00003A000

direct allocation

page read and write

C00000E000

direct allocation

page read and write

148C000

unkown

page execute and write copy

C0001C0000

direct allocation

page read and write

C00009C000

direct allocation

page read and write

223DE083000

heap

page read and write

C00012E000

direct allocation

page read and write

229D3B10000

direct allocation

page read and write

1F43DE1A000

direct allocation

page read and write

229FA810000

direct allocation

page read and write

C000150000

direct allocation

page read and write

C00016C000

direct allocation

page read and write

17B7000

unkown

page write copy

C000046000

direct allocation

page read and write

1F464B20000

heap

page read and write

21F7AD80000

direct allocation

page read and write

223DC0B2000

heap

page read and write

C00003F000

direct allocation

page read and write

C0001FC000

direct allocation

page read and write

C000258000

direct allocation

page read and write

C000066000

direct allocation

page read and write

2CB64690000

heap

page read and write

223DC0AF000

heap

page read and write

21F341CD000

heap

page read and write

17B5000

unkown

page execute and write copy

C000188000

direct allocation

page read and write

19870711000

direct allocation

page read and write

19871F40000

direct allocation

page read and write

C000244000

direct allocation

page read and write

C000031000

direct allocation

page read and write

1D582050000

heap

page read and write

1D582140000

heap

page read and write

C000062000

direct allocation

page read and write

C0001E0000

direct allocation

page read and write

148C000

unkown

page execute and write copy

999A2FF000

stack

page read and write

9316FFB000

stack

page read and write

C00001E000

direct allocation

page read and write

C0001CC000

direct allocation

page read and write

999A07C000

stack

page read and write

C00005C000

direct allocation

page read and write

C000108000

direct allocation

page read and write

17B7000

unkown

page write copy

C00011A000

direct allocation

page read and write

C0001C6000

direct allocation

page read and write

C00014E000

direct allocation

page read and write

C00001E000

direct allocation

page read and write

C00016E000

direct allocation

page read and write

C000106000

direct allocation

page read and write

223DC0BA000

heap

page read and write

C00014E000

direct allocation

page read and write

C00004D000

direct allocation

page read and write

C000218000

direct allocation

page read and write

C000106000

direct allocation

page read and write

229F8F85000

direct allocation

page read and write

C00001E000

direct allocation

page read and write

223DC062000

heap

page read and write

19870690000

direct allocation

page read and write

C000214000

direct allocation

page read and write

C00003A000

direct allocation

page read and write

C000004000

direct allocation

page read and write

223DC32E000

heap

page read and write

C000008000

direct allocation

page read and write

D70000

unkown

page readonly

223DC7E7000

heap

page read and write

15041CE000

stack

page read and write

C00019E000

direct allocation

page read and write

C00002F000

direct allocation

page read and write

C000180000

direct allocation

page read and write

223DC32E000

heap

page read and write

1986B260000

direct allocation

page read and write

C00005C000

direct allocation

page read and write

C000200000

direct allocation

page read and write

5E297FC000

stack

page read and write

223DC7F5000

heap

page read and write

229D3BE9000

heap

page read and write

C00022E000

direct allocation

page read and write

C0001B0000

direct allocation

page read and write

9316EFE000

stack

page read and write

C00000E000

direct allocation

page read and write

C000162000

direct allocation

page read and write

C00010E000

direct allocation

page read and write

C000162000

direct allocation

page read and write

C000000000

direct allocation

page read and write

1D5821D5000

heap

page read and write

C0001C0000

direct allocation

page read and write

229D3C3F000

heap

page read and write

C0001D2000

direct allocation

page read and write

C0000EC000

direct allocation

page read and write

229FA860000

heap

page read and write

C00007A000

direct allocation

page read and write

C000080000

direct allocation

page read and write

C000041000

direct allocation

page read and write

C000188000

direct allocation

page read and write

C000186000

direct allocation

page read and write

223DC270000

trusted library allocation

page read and write

C00002A000

direct allocation

page read and write

C000076000

direct allocation

page read and write

229D3BE6000

heap

page read and write

D70000

unkown

page readonly

223DE080000

heap

page read and write

C000018000

direct allocation

page read and write

1986B2AD000

heap

page read and write

223DC270000

trusted library allocation

page read and write

C000090000

direct allocation

page read and write

2CB3F220000

heap

page read and write

229FA800000

direct allocation

page read and write

C00018E000

direct allocation

page read and write

1F43DD1B000

heap

page read and write

FD6E3FE000

stack

page read and write

C000056000

direct allocation

page read and write

C0001CE000

direct allocation

page read and write

C000041000

direct allocation

page read and write

C000012000

direct allocation

page read and write

229D3B14000

direct allocation

page read and write

1749000

unkown

page execute and read and write

5E299FE000

stack

page read and write

C000137000

direct allocation

page read and write

229FA812000

direct allocation

page read and write

C00024E000

direct allocation

page read and write

148C000

unkown

page execute and write copy

9A5FDFF000

stack

page read and write

19870713000

direct allocation

page read and write

223DC7F0000

heap

page read and write

C00011E000

direct allocation

page read and write

1D582030000

heap

page read and write

229D3BE4000

heap

page read and write

D70000

unkown

page readonly

223DC324000

heap

page read and write

C000182000

direct allocation

page read and write

229D3AF0000

heap

page read and write

C000008000

direct allocation

page read and write

229F8FCB000

direct allocation

page read and write

C00018C000

direct allocation

page read and write

223DC35A000

heap

page read and write

C000060000

direct allocation

page read and write

177B000

unkown

page execute and read and write

C0001DC000

direct allocation

page read and write

C00015E000

direct allocation

page read and write

223DC35D000

heap

page read and write

999A1F6000

stack

page read and write

C000132000

direct allocation

page read and write

1D581E69000

heap

page read and write

C0001E6000

direct allocation

page read and write

223DC0B1000

heap

page read and write

C0001D0000

direct allocation

page read and write

223DC0C0000

heap

page read and write

223DC088000

heap

page read and write

C00005C000

direct allocation

page read and write

C000142000

direct allocation

page read and write

C000104000

direct allocation

page read and write

229FA7F0000

direct allocation

page read and write

229D3BE6000

heap

page read and write

C0001AA000

direct allocation

page read and write

C000016000

direct allocation

page read and write

223DE094000

heap

page read and write

C0001BA000

direct allocation

page read and write

C000022000

direct allocation

page read and write

9316F76000

stack

page read and write

C00012E000

direct allocation

page read and write

223DC0A1000

heap

page read and write

C000106000

direct allocation

page read and write

17B7000

unkown

page read and write

223DC0B1000

heap

page read and write

525A738000

stack

page read and write

C00014C000

direct allocation

page read and write

C00008C000

direct allocation

page read and write

C00002A000

direct allocation

page read and write

C0001BE000

direct allocation

page read and write

C0001A2000

direct allocation

page read and write

C0001D2000

direct allocation

page read and write

9316BFC000

stack

page read and write

C0001D4000

direct allocation

page read and write

AD501FF000

stack

page read and write

1D724BB0000

heap

page read and write

C000132000

direct allocation

page read and write

C000100000

direct allocation

page read and write

C0000A8000

direct allocation

page read and write

223DC0CA000

heap

page read and write

19871F30000

direct allocation

page read and write

223DE094000

heap

page read and write

C000158000

direct allocation

page read and write

21F7ADB0000

direct allocation

page read and write

229D3B90000

heap

page read and write

C000062000

direct allocation

page read and write

C0000A0000

direct allocation

page read and write

C000031000

direct allocation

page read and write

229D3B1A000

direct allocation

page read and write

229D3C3D000

heap

page read and write

931707E000

stack

page read and write

105C000

unkown

page execute and write copy

C000130000

direct allocation

page read and write

21F7ADC0000

direct allocation

page read and write

21F7AD90000

direct allocation

page read and write

C000106000

direct allocation

page read and write

C00001A000

direct allocation

page read and write

223DC80C000

heap

page read and write

FD6DDFE000

stack

page read and write

C000118000

direct allocation

page read and write

C000074000

direct allocation

page read and write

223DC086000

heap

page read and write

C000130000

direct allocation

page read and write

9A5FFFF000

stack

page read and write

1770000

unkown

page execute and read and write

C00025E000

direct allocation

page read and write

21F7AD70000

direct allocation

page read and write

C000072000

direct allocation

page read and write

223DC355000

heap

page read and write

C0001D0000

direct allocation

page read and write

1385000

unkown

page execute and write copy

229D3C3D000

heap

page read and write

C00002E000

direct allocation

page read and write

15045FF000

stack

page read and write

C000051000

direct allocation

page read and write

223DC0C3000

heap

page read and write

C0001BA000

direct allocation

page read and write

9A5FBFE000

stack

page read and write

C000118000

direct allocation

page read and write

1F464920000

direct allocation

page read and write

C0001A6000

direct allocation

page read and write

17AC000

unkown

page execute and read and write

223DC32A000

heap

page read and write

C0000F6000

direct allocation

page read and write

C0001E4000

direct allocation

page read and write

C00012E000

direct allocation

page read and write

223DE082000

heap

page read and write

5E291FE000

stack

page read and write

223DC0B7000

heap

page read and write

C000100000

direct allocation

page read and write

C00018E000

direct allocation

page read and write

C000135000

direct allocation

page read and write

C0000A4000

direct allocation

page read and write

C000054000

direct allocation

page read and write

1D724BC0000

heap

page read and write

C0001B8000

direct allocation

page read and write

C000014000

direct allocation

page read and write

C000082000

direct allocation

page read and write

C000054000

direct allocation

page read and write

19871F60000

direct allocation

page read and write

C000208000

direct allocation

page read and write

999A3FC000

stack

page read and write

C000080000

direct allocation

page read and write

223DC7F1000

heap

page read and write

229D3B70000

direct allocation

page read and write

C000108000

direct allocation

page read and write

C00000C000

direct allocation

page read and write

1504BFE000

stack

page read and write

D70000

unkown

page readonly

1986B268000

direct allocation

page read and write

1F464900000

direct allocation

page read and write

C000094000

direct allocation

page read and write

229FAEB0000

heap

page read and write

C000046000

direct allocation

page read and write

C0000C0000

direct allocation

page read and write

1749000

unkown

page execute and read and write

C000031000

direct allocation

page read and write

223DC0CF000

heap

page read and write

C000044000

direct allocation

page read and write

2CB3F44A000

direct allocation

page read and write

223DC270000

trusted library allocation

page read and write

C000074000

direct allocation

page read and write

C000018000

direct allocation

page read and write

C000054000

direct allocation

page read and write

9A603FE000

stack

page read and write

940000

unkown

page readonly

C000216000

direct allocation

page read and write

1387000

unkown

page read and write

223DC350000

heap

page read and write

1749000

unkown

page execute and read and write

177B000

unkown

page execute and read and write

C000044000

direct allocation

page read and write

C00003A000

direct allocation

page read and write

C00011A000

direct allocation

page read and write

C000008000

direct allocation

page read and write

223DC0AA000

heap

page read and write

C000002000

direct allocation

page read and write

2CB65F60000

direct allocation

page read and write

C00011E000

direct allocation

page read and write

17B7000

unkown

page read and write

223DC09F000

heap

page read and write

17B7000

unkown

page read and write

C00001E000

direct allocation

page read and write

C000116000

direct allocation

page read and write

C000140000

direct allocation

page read and write

C000041000

direct allocation

page read and write

C000152000

direct allocation

page read and write

C000062000

direct allocation

page read and write

134B000

unkown

page execute and read and write

C000132000

direct allocation

page read and write

223DC32A000

heap

page read and write

C000016000

direct allocation

page read and write

C00000A000

direct allocation

page read and write

AD4FDFF000

stack

page read and write

C00005E000

direct allocation

page read and write

C00002F000

direct allocation

page read and write

223DE094000

heap

page read and write

C00009A000

direct allocation

page read and write

1D5821D0000

heap

page read and write

1D724C28000

heap

page read and write

C000014000

direct allocation

page read and write

C000132000

direct allocation

page read and write

2CB65F30000

direct allocation

page read and write

C00014C000

direct allocation

page read and write

C000130000

direct allocation

page read and write

C0000E8000

direct allocation

page read and write

D70000

unkown

page readonly

C000128000

direct allocation

page read and write

999A47E000

stack

page read and write

223DC0B9000

heap

page read and write

C000046000

direct allocation

page read and write

C000066000

direct allocation

page read and write

C000126000

direct allocation

page read and write

C000041000

direct allocation

page read and write

C000064000

direct allocation

page read and write

229D3BBC000

heap

page read and write

1770000

unkown

page execute and read and write

2CB646F1000

direct allocation

page read and write

C00005A000

direct allocation

page read and write

2CB3F444000

direct allocation

page read and write

223DC809000

heap

page read and write

21F342CA000

direct allocation

page read and write

229FA7D0000

direct allocation

page read and write

C000106000

direct allocation

page read and write

1F464930000

direct allocation

page read and write

C00002F000

direct allocation

page read and write

C00001A000

direct allocation

page read and write

2CB65F10000

direct allocation

page read and write

223DE08E000

heap

page read and write

C000074000

direct allocation

page read and write

C00005A000

direct allocation

page read and write

C00002C000

direct allocation

page read and write

223DC0BC000

heap

page read and write

C000074000

direct allocation

page read and write

C000186000

direct allocation

page read and write

999A37E000

stack

page read and write

C000010000

direct allocation

page read and write

172B000

unkown

page execute and read and write

223DC80A000

heap

page read and write

17B5000

unkown

page execute and write copy

C000060000

direct allocation

page read and write

223DC0B7000

heap

page read and write

C000160000

direct allocation

page read and write

2CB3F440000

direct allocation

page read and write

C000206000

direct allocation

page read and write

There are 802 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
skuld3.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportskuld3.exe

Files

Processes

URLs

Domains

IPs

Registry

Memdumps

IOC Report
skuld3.exe