Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
kbdgc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\Desktop\update\INSALEEXIST_TEMP.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 936, Revision Number: 74, Total Editing
Time: 1d+15:47:03, Last Saved Time/Date: Fri Jun 7 10:58:20 2024, Create Time/Date: Wed Jul 24 13:49:08 2013, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\INSALEEXIST_TMP.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 936, Revision Number: 87, Total Editing
Time: 03:46:56, Last Saved Time/Date: Mon Jul 1 04:55:50 2024, Create Time/Date: Wed Apr 11 10:39:29 2018, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\Monsec_Thwx.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 936, Revision Number: 47, Total Editing
Time: 1d+09:27:40, Last Saved Time/Date: Thu Jun 27 07:58:55 2024, Create Time/Date: Sat Jan 23 07:53:15 2021, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\Monsec_sum.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 936, Revision Number: 43, Total Editing
Time: 1d+05:46:38, Last Saved Time/Date: Mon Jul 1 10:30:27 2024, Create Time/Date: Sat Jan 23 07:53:15 2021, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\Monsec_sumOne.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 936, Revision Number: 31, Total Editing
Time: 16:53:47, Last Saved Time/Date: Wed Apr 24 10:20:54 2024, Create Time/Date: Sat Jan 23 07:53:15 2021, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\SaleDtl1.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 4.0, Code page: 1252, Revision Number: 136, Total
Editing Time: 4d+06:57:45, Last Printed: Wed Dec 16 12:39:40 2020, Last Saved Time/Date: Wed Jul 3 06:46:47 2024, Create
Time/Date: Thu Aug 8 04:21:38 2002, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Name of Creating Application:
Seagate Crystal Reports
|
dropped
|
||
|
C:\Users\user\Desktop\update\SaleDtl2.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 4.0, Code page: 1252, Revision Number: 136, Total
Editing Time: 4d+03:46:27, Last Printed: Wed Dec 16 12:39:40 2020, Last Saved Time/Date: Wed Jul 3 04:57:48 2024, Create
Time/Date: Thu Aug 8 04:21:38 2002, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Name of Creating Application:
Seagate Crystal Reports
|
dropped
|
||
|
C:\Users\user\Desktop\update\SaleDtl3.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 4.0, Code page: 1252, Revision Number: 139, Total
Editing Time: 4d+02:56:30, Last Printed: Wed Dec 16 12:39:40 2020, Last Saved Time/Date: Tue Jul 2 04:08:23 2024, Create
Time/Date: Thu Aug 8 04:21:38 2002, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Name of Creating Application:
Seagate Crystal Reports
|
dropped
|
||
|
C:\Users\user\Desktop\update\SaleDtl_sum.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 4.0, Code page: 1252, Revision Number: 130, Total
Editing Time: 4d+02:19:19, Last Printed: Wed Dec 16 12:39:40 2020, Last Saved Time/Date: Tue Jul 2 04:08:36 2024, Create
Time/Date: Thu Aug 8 04:21:38 2002, Number of Pages: 1, Number of Words: 0, Number of Characters: 0, Name of Creating Application:
Seagate Crystal Reports
|
dropped
|
||
|
C:\Users\user\Desktop\update\daybalprc_dtl.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 936, Revision Number: 11, Total Editing
Time: 05:01:39, Last Saved Time/Date: Fri Jun 7 06:56:27 2024, Create Time/Date: Thu Dec 27 07:22:14 2012, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\daysale_dtl.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 936, Revision Number: 29, Total Editing
Time: 01:34:29, Last Saved Time/Date: Thu Jun 6 07:06:05 2024, Create Time/Date: Thu Dec 27 07:22:14 2012, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\daysale_dtl2.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 936, Revision Number: 34, Total Editing
Time: 01:42:48, Last Saved Time/Date: Thu Jun 6 07:44:12 2024, Create Time/Date: Thu Dec 27 07:22:14 2012, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\metalin.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.0, Code page: 936, Revision Number: 82, Total Editing
Time: 03:58:18, Last Saved Time/Date: Wed Jul 3 04:02:28 2024, Create Time/Date: Tue Dec 13 14:17:25 2005, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\metalout.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.0, Code page: 936, Revision Number: 65, Total Editing
Time: 01:13:11, Last Saved Time/Date: Wed Jul 3 04:02:12 2024, Create Time/Date: Tue Dec 13 14:17:25 2005, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\suppaymtl_total.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 936, Revision Number: 11, Total Editing
Time: 05:16:08, Last Saved Time/Date: Fri Jun 7 08:17:48 2024, Create Time/Date: Thu Dec 27 07:22:14 2012, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\zjz_dtl.rpt
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, Code page: 936, Revision Number: 39, Total Editing
Time: 01:48:57, Last Saved Time/Date: Thu Jun 6 10:07:39 2024, Create Time/Date: Thu Dec 27 07:22:14 2012, Number of Pages:
1, Number of Words: 0, Number of Characters: 0, Name of Creating Application: Crystal
|
dropped
|
||
|
C:\Users\user\Desktop\update\zwei.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\kbdgc.exe
|
"C:\Users\user\Desktop\kbdgc.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.zwei.com__vbaFailedFriend
|
unknown
|
||
|
http://www.Jewsys.com
|
unknown
|
||
|
http://192.168.30.6:8080/SSH/jsp/upload/upload.jsp
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
DC4000
|
heap
|
page read and write
|
||
|
D83000
|
heap
|
page read and write
|
||
|
A85000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
DC1000
|
heap
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
D5E000
|
heap
|
page read and write
|
||
|
863E000
|
stack
|
page read and write
|
||
|
7281000
|
heap
|
page read and write
|
||
|
DC1000
|
heap
|
page read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
130E000
|
stack
|
page read and write
|
||
|
4DD2000
|
heap
|
page read and write
|
||
|
6867000
|
heap
|
page read and write
|
||
|
9C3F000
|
stack
|
page read and write
|
||
|
4D61000
|
heap
|
page read and write
|
||
|
7BFF000
|
stack
|
page read and write
|
||
|
E47000
|
heap
|
page read and write
|
||
|
E16000
|
heap
|
page read and write
|
||
|
6873000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
7D3F000
|
stack
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
7C3E000
|
stack
|
page read and write
|
||
|
94BF000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
8E7F000
|
stack
|
page read and write
|
||
|
79BE000
|
stack
|
page read and write
|
||
|
6887000
|
heap
|
page read and write
|
||
|
797F000
|
stack
|
page read and write
|
||
|
72B0000
|
heap
|
page read and write
|
||
|
93BE000
|
stack
|
page read and write
|
||
|
84FE000
|
stack
|
page read and write
|
||
|
BC8000
|
unkown
|
page read and write
|
||
|
89BE000
|
stack
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
B70000
|
unkown
|
page readonly
|
||
|
8FFE000
|
stack
|
page read and write
|
||
|
D97000
|
heap
|
page read and write
|
||
|
827E000
|
stack
|
page read and write
|
||
|
75BF000
|
stack
|
page read and write
|
||
|
4D68000
|
heap
|
page read and write
|
||
|
963E000
|
stack
|
page read and write
|
||
|
E15000
|
heap
|
page read and write
|
||
|
7E7F000
|
stack
|
page read and write
|
||
|
2DC0000
|
trusted library allocation
|
page read and write
|
||
|
7312000
|
heap
|
page read and write
|
||
|
6BE4000
|
heap
|
page read and write
|
||
|
7312000
|
heap
|
page read and write
|
||
|
2DFE000
|
stack
|
page read and write
|
||
|
813E000
|
stack
|
page read and write
|
||
|
D6D000
|
heap
|
page read and write
|
||
|
D8F000
|
heap
|
page read and write
|
||
|
B70000
|
unkown
|
page readonly
|
||
|
4FBD000
|
heap
|
page read and write
|
||
|
8D3F000
|
stack
|
page read and write
|
||
|
DF5000
|
heap
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
D8D000
|
heap
|
page read and write
|
||
|
783F000
|
stack
|
page read and write
|
||
|
120E000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
927E000
|
stack
|
page read and write
|
||
|
303F000
|
stack
|
page read and write
|
||
|
7FFE000
|
stack
|
page read and write
|
||
|
6885000
|
heap
|
page read and write
|
||
|
BCA000
|
unkown
|
page readonly
|
||
|
7B8000
|
stack
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
4E03000
|
heap
|
page read and write
|
||
|
7312000
|
heap
|
page read and write
|
||
|
99FE000
|
stack
|
page read and write
|
||
|
72E1000
|
heap
|
page read and write
|
||
|
BAA000
|
unkown
|
page write copy
|
||
|
688E000
|
heap
|
page read and write
|
||
|
95FF000
|
stack
|
page read and write
|
||
|
4E34000
|
heap
|
page read and write
|
||
|
72E2000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
8D7E000
|
stack
|
page read and write
|
||
|
88BE000
|
stack
|
page read and write
|
||
|
7EBE000
|
stack
|
page read and write
|
||
|
80FF000
|
stack
|
page read and write
|
||
|
E15000
|
heap
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
7C1000
|
stack
|
page read and write
|
||
|
873F000
|
stack
|
page read and write
|
||
|
99BF000
|
stack
|
page read and write
|
||
|
E15000
|
heap
|
page read and write
|
||
|
656E000
|
heap
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
685E000
|
heap
|
page read and write
|
||
|
7A6000
|
stack
|
page read and write
|
||
|
7AB000
|
stack
|
page read and write
|
||
|
E47000
|
heap
|
page read and write
|
||
|
4DD3000
|
heap
|
page read and write
|
||
|
4520000
|
trusted library allocation
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
DC4000
|
heap
|
page read and write
|
||
|
4D9E000
|
heap
|
page read and write
|
||
|
9C7E000
|
stack
|
page read and write
|
||
|
8B00000
|
heap
|
page read and write
|
||
|
D7A000
|
heap
|
page read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
8EBE000
|
stack
|
page read and write
|
||
|
7D7E000
|
stack
|
page read and write
|
||
|
72B1000
|
heap
|
page read and write
|
||
|
DC1000
|
heap
|
page read and write
|
||
|
DC1000
|
heap
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
DA3000
|
heap
|
page read and write
|
||
|
94FE000
|
stack
|
page read and write
|
||
|
7280000
|
heap
|
page read and write
|
||
|
9AFF000
|
stack
|
page read and write
|
||
|
787E000
|
stack
|
page read and write
|
||
|
6DDB000
|
heap
|
page read and write
|
||
|
877E000
|
stack
|
page read and write
|
||
|
837F000
|
stack
|
page read and write
|
||
|
7CA000
|
stack
|
page read and write
|
||
|
B71000
|
unkown
|
page execute read
|
||
|
BAA000
|
unkown
|
page read and write
|
||
|
59C3000
|
heap
|
page read and write
|
||
|
4E34000
|
heap
|
page read and write
|
||
|
89FE000
|
stack
|
page read and write
|
||
|
DF5000
|
heap
|
page read and write
|
||
|
D8F000
|
heap
|
page read and write
|
||
|
D5A000
|
heap
|
page read and write
|
||
|
823F000
|
stack
|
page read and write
|
||
|
773E000
|
stack
|
page read and write
|
||
|
4E34000
|
heap
|
page read and write
|
||
|
887F000
|
stack
|
page read and write
|
||
|
8B04000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
973F000
|
stack
|
page read and write
|
||
|
4D93000
|
heap
|
page read and write
|
||
|
9D7F000
|
stack
|
page read and write
|
||
|
2AF0000
|
trusted library allocation
|
page read and write
|
||
|
E89000
|
heap
|
page read and write
|
||
|
B71000
|
unkown
|
page execute read
|
||
|
90FF000
|
stack
|
page read and write
|
||
|
8AFF000
|
stack
|
page read and write
|
||
|
7B0000
|
stack
|
page read and write
|
||
|
5F08000
|
heap
|
page read and write
|
||
|
7ABF000
|
stack
|
page read and write
|
||
|
79F000
|
stack
|
page read and write
|
||
|
8FBF000
|
stack
|
page read and write
|
||
|
8C3E000
|
stack
|
page read and write
|
||
|
4E02000
|
heap
|
page read and write
|
||
|
D8F000
|
heap
|
page read and write
|
||
|
83BE000
|
stack
|
page read and write
|
||
|
D7A000
|
heap
|
page read and write
|
||
|
4D90000
|
heap
|
page read and write
|
||
|
923F000
|
stack
|
page read and write
|
||
|
D7E000
|
heap
|
page read and write
|
||
|
7312000
|
heap
|
page read and write
|
||
|
E85000
|
heap
|
page read and write
|
||
|
937F000
|
stack
|
page read and write
|
||
|
74BE000
|
stack
|
page read and write
|
||
|
6C7E000
|
heap
|
page read and write
|
||
|
4D91000
|
heap
|
page read and write
|
||
|
DAC000
|
heap
|
page read and write
|
||
|
C1D000
|
stack
|
page read and write
|
||
|
2AEE000
|
stack
|
page read and write
|
||
|
4DA2000
|
heap
|
page read and write
|
||
|
4DD2000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
913E000
|
stack
|
page read and write
|
||
|
BCA000
|
unkown
|
page readonly
|
||
|
D8C000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
E47000
|
heap
|
page read and write
|
||
|
D8F000
|
heap
|
page read and write
|
||
|
7AFE000
|
stack
|
page read and write
|
||
|
E47000
|
heap
|
page read and write
|
||
|
76FF000
|
stack
|
page read and write
|
||
|
4E6B000
|
heap
|
page read and write
|
||
|
4FC3000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
D8F000
|
heap
|
page read and write
|
||
|
2EFF000
|
stack
|
page read and write
|
||
|
4E33000
|
heap
|
page read and write
|
||
|
4E02000
|
heap
|
page read and write
|
||
|
6E7B000
|
heap
|
page read and write
|
||
|
75FE000
|
stack
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
2BC4000
|
heap
|
page read and write
|
||
|
D84000
|
heap
|
page read and write
|
||
|
7BB000
|
stack
|
page read and write
|
||
|
98BE000
|
stack
|
page read and write
|
||
|
4D85000
|
heap
|
page read and write
|
||
|
85FF000
|
stack
|
page read and write
|
||
|
DF5000
|
heap
|
page read and write
|
||
|
7FBF000
|
stack
|
page read and write
|
||
|
977E000
|
stack
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
4D6D000
|
heap
|
page read and write
|
||
|
6D2B000
|
heap
|
page read and write
|
||
|
6C6000
|
stack
|
page read and write
|
||
|
4E34000
|
heap
|
page read and write
|
||
|
987F000
|
stack
|
page read and write
|
||
|
BAE000
|
unkown
|
page read and write
|
||
|
84BF000
|
stack
|
page read and write
|
||
|
BA0000
|
unkown
|
page readonly
|
||
|
4D60000
|
heap
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
4521000
|
heap
|
page read and write
|
||
|
9B3E000
|
stack
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
There are 202 hidden memdumps, click here to show them.