Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
message.com.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\services.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
dropped
|
|
|
|
C:\Windows\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
dropped
|
|
|
|
C:\Windows\services.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_message.com.exe_eabd2b87f1d1ff89785cafa7c6d1682cb0e0_578fa923_f27a16b7-0af0-4c1f-b85f-b3b6001c5425\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6FFD.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu May 23 13:14:02 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER70BA.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER70EA.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\zincite.log
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\java.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\message.com.exe
|
"C:\Users\user\Desktop\message.com.exe"
|
|
|
|
C:\Windows\services.exe
|
"C:\Windows\services.exe"
|
|
|
|
C:\Windows\java.exe
|
"C:\Windows\java.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\services.exe
|
"C:\Users\user\AppData\Local\Temp\services.exe"
|
|
|
|
C:\Windows\services.exe
|
"C:\Windows\services.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 1196
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://unitUSOPrivaten.micrp
|
unknown
|
||
|
http://www.altavista.com/web/results?q=%s&kgs=0&kls=0
|
unknown
|
||
|
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=%s
|
unknown
|
||
|
https://denmark.smartscre_
|
unknown
|
||
|
http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=%s&nbq=%dhttp://www.altavista.c
|
unknown
|
||
|
https://unitedstates2.ss.wd.microsoft
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://europe.dbgcreepp
|
unknown
|
||
|
http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=%s
|
unknown
|
||
|
https://europe.d
|
unknown
|
||
|
http://search.yahoo.com/search?p=%s&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=
|
unknown
|
||
|
https://denmark.smartscre_curlrcom
|
unknown
|
||
|
https://unitedstates4.ss.wd.microsoft.us
|
unknown
|
||
|
https://southkoreregid.1991-06.com.microsoftza
|
unknown
|
There are 4 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
15.124.29.93
|
unknown
|
United States
|
||
|
192.168.1.64
|
unknown
|
unknown
|
||
|
4.240.78.155
|
unknown
|
United States
|
||
|
159.134.165.119
|
unknown
|
Ireland
|
||
|
16.91.195.90
|
unknown
|
United States
|
||
|
24.196.145.49
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
JavaVM
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
Services
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
ProgramId
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
FileId
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
LongPathHash
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
Name
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
OriginalFileName
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
Publisher
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
Version
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
BinFileVersion
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
BinaryType
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
ProductName
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
ProductVersion
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
LinkDate
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
BinProductVersion
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
Size
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
Language
|
||
|
\REGISTRY\A\{08135869-9d9a-289c-aef6-48185849bf71}\Root\InventoryApplicationFile\message.com.exe|f857c0aa980bf9e7
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
Services
|
There are 12 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
501000
|
unkown
|
page execute and read and write
|
|
|
|
501000
|
unkown
|
page execute and read and write
|
|
|
|
2B7E000
|
stack
|
page read and write
|
||
|
405000
|
unkown
|
page execute and read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
406000
|
unkown
|
page execute and write copy
|
||
|
27DC000
|
stack
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
405000
|
unkown
|
page execute and write copy
|
||
|
509000
|
unkown
|
page execute and write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
56A000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2CBF000
|
stack
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
AFF000
|
stack
|
page read and write
|
||
|
20CC000
|
stack
|
page read and write
|
||
|
54E000
|
unkown
|
page read and write
|
||
|
812000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
500000
|
unkown
|
page readonly
|
||
|
281E000
|
stack
|
page read and write
|
||
|
407000
|
unkown
|
page write copy
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
407000
|
unkown
|
page write copy
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5BB000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
874000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
50D000
|
unkown
|
page execute and read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
500000
|
unkown
|
page readonly
|
||
|
405000
|
unkown
|
page execute and write copy
|
||
|
19D000
|
stack
|
page read and write
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
82D000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
81A000
|
heap
|
page read and write
|
||
|
406000
|
unkown
|
page execute and write copy
|
||
|
660000
|
heap
|
page read and write
|
||
|
293E000
|
stack
|
page read and write
|
||
|
602000
|
heap
|
page read and write
|
||
|
85F000
|
heap
|
page read and write
|
||
|
5CE000
|
heap
|
page read and write
|
||
|
509000
|
unkown
|
page execute and read and write
|
||
|
5CE000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
901000
|
heap
|
page read and write
|
||
|
2B8F000
|
stack
|
page read and write
|
||
|
2A7E000
|
stack
|
page read and write
|
||
|
665000
|
heap
|
page read and write
|
||
|
50F000
|
unkown
|
page write copy
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
264F000
|
stack
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
279F000
|
stack
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
5DC000
|
stack
|
page read and write
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
812000
|
heap
|
page read and write
|
||
|
255E000
|
stack
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page write copy
|
||
|
590000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
837000
|
heap
|
page read and write
|
||
|
28CF000
|
stack
|
page read and write
|
||
|
265F000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
405000
|
unkown
|
page execute and write copy
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
5DE000
|
heap
|
page read and write
|
||
|
2AAE000
|
stack
|
page read and write
|
||
|
296E000
|
stack
|
page read and write
|
||
|
27DF000
|
stack
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
AFF000
|
stack
|
page read and write
|
||
|
5DE000
|
stack
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
21CD000
|
stack
|
page read and write
|
||
|
901000
|
heap
|
page read and write
|
||
|
2D5E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
825000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
56E000
|
heap
|
page read and write
|
||
|
5AF000
|
heap
|
page read and write
|
||
|
50F000
|
unkown
|
page write copy
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
500000
|
unkown
|
page readonly
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
28DF000
|
stack
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
901000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
59E000
|
heap
|
page read and write
|
||
|
500000
|
unkown
|
page readonly
|
||
|
812000
|
heap
|
page read and write
|
||
|
405000
|
unkown
|
page execute and read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
58E000
|
stack
|
page read and write
|
||
|
292E000
|
stack
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
27DE000
|
stack
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
82D000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
30DF000
|
stack
|
page read and write
|
||
|
27DF000
|
stack
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2DFF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
1D5000
|
heap
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
54E000
|
stack
|
page read and write
|
||
|
405000
|
unkown
|
page execute and read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
50F000
|
unkown
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
21CD000
|
stack
|
page read and write
|
||
|
2A3F000
|
stack
|
page read and write
|
||
|
254E000
|
stack
|
page read and write
|
||
|
509000
|
unkown
|
page execute and write copy
|
||
|
5CF000
|
heap
|
page read and write
|
||
|
5DE000
|
heap
|
page read and write
|
||
|
50E000
|
unkown
|
page execute and write copy
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
5B4000
|
heap
|
page read and write
|
||
|
854000
|
heap
|
page read and write
|
||
|
2BBE000
|
stack
|
page read and write
|
||
|
50E000
|
unkown
|
page execute and write copy
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
278F000
|
stack
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
50F000
|
unkown
|
page read and write
|
||
|
406000
|
unkown
|
page execute and write copy
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
20CC000
|
stack
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
2A2F000
|
stack
|
page read and write
|
||
|
50D000
|
unkown
|
page execute and read and write
|
||
|
291F000
|
stack
|
page read and write
|
||
|
849000
|
heap
|
page read and write
|
||
|
239F000
|
stack
|
page read and write
|
||
|
602000
|
heap
|
page read and write
|
||
|
602000
|
heap
|
page read and write
|
||
|
88F000
|
stack
|
page read and write
|
||
|
59A000
|
heap
|
page read and write
|
||
|
2BAF000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
269E000
|
stack
|
page read and write
|
||
|
2A6F000
|
stack
|
page read and write
|
||
|
509000
|
unkown
|
page execute and read and write
|
||
|
268E000
|
stack
|
page read and write
|
||
|
2F9F000
|
stack
|
page read and write
|
||
|
407000
|
unkown
|
page read and write
|
||
|
5CF000
|
heap
|
page read and write
|
||
|
78F000
|
stack
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
5C7000
|
heap
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
59E000
|
stack
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
There are 201 hidden memdumps, click here to show them.