Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\AEGIJKEHCAKF\BKKFHI
|
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4,
UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\AEGIJKEHCAKF\GDBAKK
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie
0x24, schema 4, UTF-8, version-valid-for 2
|
modified
|
||
|
C:\ProgramData\AEGIJKEHCAKF\GHJJDG
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\AEGIJKEHCAKF\GHJKEH
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8,
version-valid-for 11
|
dropped
|
||
|
C:\ProgramData\AEGIJKEHCAKF\HDBKJE
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 4
|
dropped
|
||
|
C:\ProgramData\AEGIJKEHCAKF\IEHJJE
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\ProgramData\AEGIJKEHCAKF\KFIJEG
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199680449169[1].htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (3041), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqlx[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://steamcommunity.com/?subsection=broadcasts
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
|
unknown
|
||
|
https://store.steampowered.comv
|
unknown
|
||
|
https://65.108.152.56:9000/mozglue.dll
|
unknown
|
||
|
https://65.108.152.56:9000
|
unknown
|
||
|
https://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://65.108.152.56:9000/vcruntime140.dll
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=engli
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199680449169
|
104.105.90.131
|
||
|
https://65.108.152.56:9000/nss3.dllData
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
|
unknown
|
||
|
http://www.valvesoftware.com/legal.htm
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=roSu
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
|
unknown
|
||
|
https://65.108.152.56:9000/nss3.dll
|
unknown
|
||
|
https://65.108.152.56:9000/nss3.dllft
|
unknown
|
||
|
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
|
unknown
|
||
|
https://65.108.152.56:9000/softokn3.dllessionKeyBackward
|
unknown
|
||
|
https://65.108.152.56:9000/nss3.dllU
|
unknown
|
||
|
https://65.108.152.56:9000el
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh&
|
unknown
|
||
|
https://65.108.152.56:9000/freebl3.dll
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=Wd0kCESeJquW&l=
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
|
unknown
|
||
|
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://65.108.152.56:9000/o
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=tIrWyaxi8A
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
|
unknown
|
||
|
https://store.steampowered.com/points/shop/
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://65.108.152.56:9000/W
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199680449169/badges
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://65.108.152.56:9000/msvcp140.dllt
|
unknown
|
||
|
https://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
|
unknown
|
||
|
https://65.108.152.56:9000/G
|
unknown
|
||
|
https://65.108.152.56:9000/D
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=2VoZa2M8Wh3k&
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
|
unknown
|
||
|
https://65.108.152.56:9000/soft
|
unknown
|
||
|
https://65.108.152.56:9000/softokn3.dll
|
unknown
|
||
|
https://65.108.152.56:9000softokn3.dlldge
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
|
unknown
|
||
|
https://65.108.152.56:9000/
|
unknown
|
||
|
https://65.108.152.56:9000/7
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
|
unknown
|
||
|
https://65.108.152.56:9000/dZ
|
unknown
|
||
|
https://65.108.152.56:9000/mozglue.dllEdge
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
|
unknown
|
||
|
https://65.108.152.56:9000ing
|
unknown
|
||
|
https://store.steampowered.com/about/
|
unknown
|
||
|
https://steamcommunity.com/my/wishlist/
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
|
unknown
|
||
|
https://65.108.152.56/
|
unknown
|
||
|
https://65.108.152.56:9000/sqlx.dllg
|
unknown
|
||
|
https://65.108.152.56:9000/vcruntime140.dll_7)
|
unknown
|
||
|
https://help.steampowered.com/en/
|
unknown
|
||
|
https://steamcommunity.com/market/
|
unknown
|
||
|
https://store.steampowered.com/news/
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/javascript/toolt
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=PyuRtGtUpR0t&l=englis
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://steamcommunity.com/login/home/?goto=profiles%2F76561199680449169
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
|
unknown
|
||
|
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
|
unknown
|
||
|
https://steamcommunity.com/discussions/
|
unknown
|
||
|
https://t.me/r1g1o
|
unknown
|
||
|
https://store.steampowered.com/stats/
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&
|
unknown
|
||
|
https://65.108.152.56:9000lGoogle
|
unknown
|
||
|
https://store.steampowered.com/steam_refunds/
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
|
unknown
|
||
|
https://65.108.152.56:9000/freebl3.dll4
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
|
unknown
|
||
|
https://65.108.152.56:9000l
|
unknown
|
||
|
https://65.108.152.56:9000/ng
|
unknown
|
||
|
https://65.108.152.56:9000/msvcp140.dll
|
unknown
|
||
|
https://65.108.152.56:9000e1a3fmium
|
unknown
|
||
|
https://steamcommunity.com/workshop/
|
unknown
|
||
|
https://store.steampowered.com/legal/
|
unknown
|
||
|
https://65.108.152.56:9000/L~
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/images/r
|
unknown
|
||
|
http://www.sqlite.org/copyright.html.
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
|
unknown
|
||
|
https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=en
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://65.108.152.56:9000/sqlx.dll
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
steamcommunity.com
|
104.105.90.131
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
65.108.152.56
|
unknown
|
United States
|
||
|
104.105.90.131
|
steamcommunity.com
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3D65000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
9A2000
|
unkown
|
page readonly
|
|
|
|
E4B000
|
heap
|
page read and write
|
||
|
1B69D000
|
direct allocation
|
page execute read
|
||
|
FEE000
|
heap
|
page read and write
|
||
|
F25000
|
heap
|
page read and write
|
||
|
D91000
|
heap
|
page read and write
|
||
|
E19E000
|
stack
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
||
|
4E5E000
|
stack
|
page read and write
|
||
|
15529000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
2D40000
|
trusted library allocation
|
page read and write
|
||
|
1B498000
|
direct allocation
|
page execute read
|
||
|
96FE000
|
stack
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
1509E000
|
stack
|
page read and write
|
||
|
D8B000
|
stack
|
page read and write
|
||
|
2D61000
|
trusted library allocation
|
page read and write
|
||
|
1568E000
|
heap
|
page read and write
|
||
|
2D6A000
|
trusted library allocation
|
page read and write
|
||
|
F29000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
FAF000
|
heap
|
page read and write
|
||
|
2D50000
|
heap
|
page execute and read and write
|
||
|
5350000
|
heap
|
page execute and read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
15310000
|
heap
|
page read and write
|
||
|
D81000
|
heap
|
page read and write
|
||
|
434000
|
remote allocation
|
page execute and read and write
|
||
|
1014000
|
heap
|
page read and write
|
||
|
2AA4000
|
trusted library allocation
|
page read and write
|
||
|
D9A000
|
heap
|
page read and write
|
||
|
95BE000
|
stack
|
page read and write
|
||
|
63F000
|
remote allocation
|
page execute and read and write
|
||
|
F95000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
100A000
|
heap
|
page read and write
|
||
|
9F8000
|
unkown
|
page readonly
|
||
|
D10000
|
heap
|
page read and write
|
||
|
1B6DD000
|
direct allocation
|
page readonly
|
||
|
1B490000
|
direct allocation
|
page execute and read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
B8E000
|
stack
|
page read and write
|
||
|
96BF000
|
stack
|
page read and write
|
||
|
2AA0000
|
trusted library allocation
|
page read and write
|
||
|
100C000
|
heap
|
page read and write
|
||
|
F1D000
|
stack
|
page read and write
|
||
|
2A93000
|
trusted library allocation
|
page execute and read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
52F000
|
remote allocation
|
page execute and read and write
|
||
|
E13F000
|
stack
|
page read and write
|
||
|
31A5000
|
heap
|
page read and write
|
||
|
D8D000
|
heap
|
page read and write
|
||
|
12B0B000
|
unkown
|
page read and write
|
||
|
1007000
|
heap
|
page read and write
|
||
|
1B6A8000
|
direct allocation
|
page readonly
|
||
|
FA0000
|
heap
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A80000
|
trusted library allocation
|
page read and write
|
||
|
2D30000
|
trusted library allocation
|
page read and write
|
||
|
2D69000
|
trusted library allocation
|
page execute and read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
2AC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B6DF000
|
direct allocation
|
page readonly
|
||
|
BB3D000
|
stack
|
page read and write
|
||
|
31AD000
|
heap
|
page read and write
|
||
|
1B6D2000
|
direct allocation
|
page read and write
|
||
|
1066E000
|
stack
|
page read and write
|
||
|
15424000
|
heap
|
page read and write
|
||
|
2AC0000
|
trusted library allocation
|
page read and write
|
||
|
DFBC000
|
stack
|
page read and write
|
||
|
A8C000
|
stack
|
page read and write
|
||
|
12C5E000
|
stack
|
page read and write
|
||
|
2ACB000
|
trusted library allocation
|
page execute and read and write
|
||
|
573000
|
remote allocation
|
page execute and read and write
|
||
|
1B491000
|
direct allocation
|
page execute read
|
||
|
15670000
|
heap
|
page read and write
|
||
|
9A0000
|
unkown
|
page readonly
|
||
|
E8A000
|
heap
|
page read and write
|
||
|
D2A000
|
heap
|
page read and write
|
||
|
15737000
|
heap
|
page read and write
|
||
|
15735000
|
heap
|
page read and write
|
||
|
105DE000
|
stack
|
page read and write
|
||
|
43C000
|
remote allocation
|
page execute and read and write
|
||
|
15530000
|
heap
|
page read and write
|
||
|
52C000
|
remote allocation
|
page execute and read and write
|
||
|
9560000
|
heap
|
page read and write
|
||
|
1022000
|
heap
|
page read and write
|
||
|
DB2000
|
heap
|
page read and write
|
||
|
FE8000
|
heap
|
page read and write
|
||
|
E03E000
|
stack
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
2AE0000
|
trusted library allocation
|
page read and write
|
||
|
B85000
|
stack
|
page read and write
|
||
|
1B6DA000
|
direct allocation
|
page readonly
|
||
|
60D000
|
remote allocation
|
page execute and read and write
|
||
|
E48000
|
heap
|
page read and write
|
||
|
1B69F000
|
direct allocation
|
page readonly
|
||
|
DBD000
|
heap
|
page read and write
|
||
|
12AAF000
|
stack
|
page read and write
|
||
|
15420000
|
heap
|
page read and write
|
||
|
E42000
|
heap
|
page read and write
|
||
|
438000
|
remote allocation
|
page execute and read and write
|
||
|
2B2E000
|
stack
|
page read and write
|
||
|
C25000
|
heap
|
page read and write
|
||
|
E72000
|
heap
|
page read and write
|
||
|
151A0000
|
heap
|
page read and write
|
||
|
BB7D000
|
stack
|
page read and write
|
||
|
3D61000
|
trusted library allocation
|
page read and write
|
||
|
2A94000
|
trusted library allocation
|
page read and write
|
||
|
EA4000
|
heap
|
page read and write
|
||
|
102A000
|
heap
|
page read and write
|
||
|
1B5F6000
|
direct allocation
|
page execute read
|
||
|
1052000
|
heap
|
page read and write
|
||
|
31D4000
|
trusted library allocation
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
C8C000
|
stack
|
page read and write
|
||
|
12DF000
|
stack
|
page read and write
|
||
|
51B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1519C000
|
stack
|
page read and write
|
||
|
11DE000
|
stack
|
page read and write
|
||
|
15324000
|
heap
|
page read and write
|
||
|
535000
|
remote allocation
|
page execute and read and write
|
||
|
15426000
|
heap
|
page read and write
|
There are 120 hidden memdumps, click here to show them.