Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
zixing.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\Desktop\update\ORDERSEC_STYLETWO.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.0, Code page: 936, Revision Number: 111, Total
Editing Time: 2d+02:43:02, Last Printed: Fri Dec 29 07:07:46 2006, Last Saved Time/Date: Mon Jul 1 17:09:37 2024, Create
Time/Date: Thu Jul 21 09:56:11 2005, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Name of Creating Application:
Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\daysum.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 936, Revision Number: 52, Total Editing
Time: 1d+04:51:03, Last Saved Time/Date: Mon Jul 1 18:57:42 2024, Create Time/Date: Wed Jul 24 13:49:08 2013, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\daysum2.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 936, Revision Number: 19, Total Editing
Time: 16:25, Last Saved Time/Date: Wed May 29 09:25:10 2024, Create Time/Date: Wed Apr 8 13:58:23 2020, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\dayxxb.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 936, Revision Number: 26, Total Editing
Time: 03:35:50, Last Saved Time/Date: Mon May 20 03:14:50 2024, Create Time/Date: Thu Jan 7 12:31:14 2021, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\metalout_style1.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.0, Code page: 936, Revision Number: 41, Total Editing
Time: 18:22:50, Last Saved Time/Date: Fri Apr 12 09:23:35 2024, Create Time/Date: Tue Dec 13 14:17:25 2005, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\zwei.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\zixing.exe
|
"C:\Users\user\Desktop\zixing.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.zwei.com__vbaFailedFriend
|
unknown
|
||
|
http://192.168.0.188:9011/mon?monNo=
|
unknown
|
||
|
http://j32303f290.zicp.vip:9011/imageszt/
|
unknown
|
||
|
http://www.Jewsys.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
206.23.85.13.in-addr.arpa
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5131000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
DB1000
|
trusted library allocation
|
page read and write
|
||
|
E23000
|
unkown
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
E41000
|
unkown
|
page write copy
|
||
|
4D3E000
|
stack
|
page read and write
|
||
|
B8F000
|
heap
|
page read and write
|
||
|
BDF000
|
heap
|
page read and write
|
||
|
B8F000
|
heap
|
page read and write
|
||
|
B7D000
|
heap
|
page read and write
|
||
|
BDF000
|
heap
|
page read and write
|
||
|
B4F000
|
heap
|
page read and write
|
||
|
B3A000
|
heap
|
page read and write
|
||
|
B45000
|
heap
|
page read and write
|
||
|
5201000
|
heap
|
page read and write
|
||
|
B9C000
|
heap
|
page read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
7A6000
|
stack
|
page read and write
|
||
|
4F80000
|
heap
|
page read and write
|
||
|
51D1000
|
heap
|
page read and write
|
||
|
B9C000
|
heap
|
page read and write
|
||
|
E1D000
|
unkown
|
page write copy
|
||
|
B48000
|
heap
|
page read and write
|
||
|
B59000
|
heap
|
page read and write
|
||
|
4BF0000
|
heap
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
B52000
|
heap
|
page read and write
|
||
|
B0B000
|
heap
|
page read and write
|
||
|
5262000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
5100000
|
heap
|
page read and write
|
||
|
5262000
|
heap
|
page read and write
|
||
|
4F80000
|
trusted library allocation
|
page read and write
|
||
|
B8F000
|
heap
|
page read and write
|
||
|
7A0000
|
stack
|
page read and write
|
||
|
B72000
|
heap
|
page read and write
|
||
|
B53000
|
heap
|
page read and write
|
||
|
8EF4000
|
heap
|
page read and write
|
||
|
6FDF000
|
stack
|
page read and write
|
||
|
E1D000
|
unkown
|
page read and write
|
||
|
51C4000
|
heap
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
BAA000
|
heap
|
page read and write
|
||
|
7363000
|
heap
|
page read and write
|
||
|
B6F000
|
heap
|
page read and write
|
||
|
BDF000
|
heap
|
page read and write
|
||
|
7CA000
|
stack
|
page read and write
|
||
|
4F90000
|
heap
|
page read and write
|
||
|
BE4000
|
heap
|
page read and write
|
||
|
5232000
|
heap
|
page read and write
|
||
|
DE1000
|
unkown
|
page execute read
|
||
|
305E000
|
stack
|
page read and write
|
||
|
E40000
|
unkown
|
page read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
B48000
|
heap
|
page read and write
|
||
|
50D7000
|
heap
|
page read and write
|
||
|
BE1000
|
heap
|
page read and write
|
||
|
51C4000
|
heap
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
5131000
|
heap
|
page read and write
|
||
|
B08000
|
heap
|
page read and write
|
||
|
E41000
|
unkown
|
page readonly
|
||
|
5262000
|
heap
|
page read and write
|
||
|
B3D000
|
heap
|
page read and write
|
||
|
B55000
|
heap
|
page read and write
|
||
|
4C34000
|
heap
|
page read and write
|
||
|
BEC000
|
heap
|
page read and write
|
||
|
7B3000
|
stack
|
page read and write
|
||
|
77D4000
|
heap
|
page read and write
|
||
|
7B9000
|
stack
|
page read and write
|
||
|
B8F000
|
heap
|
page read and write
|
||
|
DCA000
|
trusted library allocation
|
page read and write
|
||
|
5163000
|
heap
|
page read and write
|
||
|
D2E000
|
stack
|
page read and write
|
||
|
B4C000
|
heap
|
page read and write
|
||
|
7C2000
|
stack
|
page read and write
|
||
|
5231000
|
heap
|
page read and write
|
||
|
B59000
|
heap
|
page read and write
|
||
|
5193000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page readonly
|
||
|
81D4000
|
heap
|
page read and write
|
||
|
B8C000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
6C6000
|
stack
|
page read and write
|
||
|
5132000
|
heap
|
page read and write
|
||
|
5162000
|
heap
|
page read and write
|
||
|
6EE7000
|
heap
|
page read and write
|
||
|
78F000
|
stack
|
page read and write
|
||
|
DE0000
|
unkown
|
page readonly
|
||
|
BDF000
|
heap
|
page read and write
|
||
|
50D7000
|
heap
|
page read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
BEC000
|
heap
|
page read and write
|
||
|
5101000
|
heap
|
page read and write
|
||
|
BAA000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
E12000
|
unkown
|
page readonly
|
||
|
E42000
|
unkown
|
page readonly
|
||
|
51C4000
|
heap
|
page read and write
|
||
|
5262000
|
heap
|
page read and write
|
||
|
A8E000
|
stack
|
page read and write
|
||
|
4C30000
|
heap
|
page read and write
|
||
|
70DF000
|
stack
|
page read and write
|
||
|
796000
|
stack
|
page read and write
|
||
|
50D1000
|
heap
|
page read and write
|
||
|
66ED000
|
heap
|
page read and write
|
||
|
BB4000
|
heap
|
page read and write
|
||
|
E12000
|
unkown
|
page readonly
|
||
|
66E0000
|
heap
|
page read and write
|
||
|
A95000
|
heap
|
page read and write
|
||
|
B5F000
|
heap
|
page read and write
|
||
|
BE2000
|
heap
|
page read and write
|
||
|
DE0000
|
unkown
|
page readonly
|
||
|
B5F000
|
heap
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
66E0000
|
trusted library allocation
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
51C4000
|
heap
|
page read and write
|
||
|
B75000
|
heap
|
page read and write
|
||
|
B6E000
|
heap
|
page read and write
|
||
|
DE1000
|
unkown
|
page execute read
|
||
|
8BD4000
|
heap
|
page read and write
|
||
|
B5F000
|
heap
|
page read and write
|
||
|
BAF000
|
heap
|
page read and write
|
||
|
5194000
|
heap
|
page read and write
|
||
|
50D0000
|
heap
|
page read and write
|
||
|
5131000
|
heap
|
page read and write
|
||
|
B8F000
|
heap
|
page read and write
|
||
|
7B7000
|
stack
|
page read and write
|
||
|
B28000
|
heap
|
page read and write
|
||
|
BAF000
|
heap
|
page read and write
|
There are 125 hidden memdumps, click here to show them.