Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Botkiller.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Botkiller.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Botkiller.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Botkiller.exe
|
"C:\Users\user\Desktop\Botkiller.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\Botkiller.exe
|
"C:\Users\user\AppData\Roaming\Botkiller.exe"
|
|
|
|
C:\Windows\SysWOW64\taskkill.exe
|
TASKKILL /F /IM wscript.exe
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
TASKKILL /F /IM cmd.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
TASKKILL /F /IM wscript.exe
|
||
|
C:\Windows\SysWOW64\taskkill.exe
|
TASKKILL /F /IM cmd.exe
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
45.83.207.67
|
|
||
|
https://www.youtube.com/watch?v=Ji9IwPId5UkPThis
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.83.207.67
|
unknown
|
Netherlands
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER
|
di
|
|
|
|
HKEY_CURRENT_USER\Environment
|
SEE_MASK_NOZONECHECKS
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Botkiller.exe
|
[kl]
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
|
Hidden
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2A01000
|
trusted library allocation
|
page read and write
|
|
|
|
3071000
|
trusted library allocation
|
page read and write
|
|
|
|
1510000
|
heap
|
page execute and read and write
|
||
|
A4A000
|
unkown
|
page readonly
|
||
|
3150000
|
heap
|
page read and write
|
||
|
5AFE000
|
stack
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
579000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
32A8000
|
heap
|
page read and write
|
||
|
32BB000
|
heap
|
page read and write
|
||
|
5C3E000
|
stack
|
page read and write
|
||
|
328B000
|
heap
|
page read and write
|
||
|
12EE000
|
stack
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
5BFE000
|
stack
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
29E0000
|
heap
|
page read and write
|
||
|
2A84000
|
trusted library allocation
|
page read and write
|
||
|
328B000
|
heap
|
page read and write
|
||
|
32C1000
|
heap
|
page read and write
|
||
|
A0E000
|
stack
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
32B7000
|
heap
|
page read and write
|
||
|
126F000
|
stack
|
page read and write
|
||
|
4C20000
|
trusted library allocation
|
page read and write
|
||
|
53B0000
|
heap
|
page read and write
|
||
|
74F000
|
unkown
|
page read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
319C000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
EBE000
|
unkown
|
page read and write
|
||
|
573E000
|
stack
|
page read and write
|
||
|
10FE000
|
heap
|
page read and write
|
||
|
4F9E000
|
stack
|
page read and write
|
||
|
12A0000
|
trusted library allocation
|
page read and write
|
||
|
5E6000
|
stack
|
page read and write
|
||
|
A78000
|
heap
|
page read and write
|
||
|
502F000
|
stack
|
page read and write
|
||
|
AE5000
|
heap
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
4D70000
|
trusted library allocation
|
page read and write
|
||
|
3A01000
|
trusted library allocation
|
page read and write
|
||
|
1272000
|
trusted library allocation
|
page execute and read and write
|
||
|
F1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
AED000
|
heap
|
page read and write
|
||
|
91E000
|
heap
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
A78000
|
heap
|
page read and write
|
||
|
A36000
|
unkown
|
page readonly
|
||
|
A86000
|
heap
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
2F9F000
|
unkown
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
79E000
|
stack
|
page read and write
|
||
|
2AA8000
|
trusted library allocation
|
page read and write
|
||
|
4C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
EE2000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D5000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
53A0000
|
heap
|
page read and write
|
||
|
102E000
|
stack
|
page read and write
|
||
|
1131000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
597E000
|
stack
|
page read and write
|
||
|
EEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
5500000
|
heap
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
50AF000
|
stack
|
page read and write
|
||
|
EB5000
|
heap
|
page read and write
|
||
|
107E000
|
heap
|
page read and write
|
||
|
1062000
|
trusted library allocation
|
page execute and read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
A30000
|
unkown
|
page readonly
|
||
|
32A8000
|
heap
|
page read and write
|
||
|
43C000
|
stack
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
4BE0000
|
trusted library allocation
|
page read and write
|
||
|
7F7C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
32BA000
|
heap
|
page read and write
|
||
|
10CE000
|
heap
|
page read and write
|
||
|
A5B000
|
heap
|
page read and write
|
||
|
10C4000
|
heap
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D3F000
|
stack
|
page read and write
|
||
|
E3C000
|
stack
|
page read and write
|
||
|
A32000
|
unkown
|
page readonly
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
D4C000
|
stack
|
page read and write
|
||
|
587E000
|
stack
|
page read and write
|
||
|
31AF000
|
heap
|
page read and write
|
||
|
128A000
|
trusted library allocation
|
page execute and read and write
|
||
|
F07000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
12A7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F1E000
|
stack
|
page read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
50EE000
|
stack
|
page read and write
|
||
|
505C000
|
stack
|
page read and write
|
||
|
3140000
|
heap
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
310E000
|
stack
|
page read and write
|
||
|
329F000
|
heap
|
page read and write
|
||
|
91A000
|
heap
|
page read and write
|
||
|
8BE000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
4EA000
|
stack
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
31B8000
|
heap
|
page read and write
|
||
|
31CB000
|
heap
|
page read and write
|
||
|
D8C000
|
stack
|
page read and write
|
||
|
4A08000
|
trusted library allocation
|
page read and write
|
||
|
4FEE000
|
stack
|
page read and write
|
||
|
F12000
|
trusted library allocation
|
page execute and read and write
|
||
|
3035000
|
heap
|
page read and write
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
4B5000
|
heap
|
page read and write
|
||
|
9ED000
|
heap
|
page read and write
|
||
|
501B000
|
stack
|
page read and write
|
||
|
AEB000
|
stack
|
page read and write
|
||
|
A6E000
|
heap
|
page read and write
|
||
|
4EDF000
|
stack
|
page read and write
|
||
|
3270000
|
heap
|
page read and write
|
||
|
52C000
|
stack
|
page read and write
|
||
|
4071000
|
trusted library allocation
|
page read and write
|
||
|
31B8000
|
heap
|
page read and write
|
||
|
A5C000
|
heap
|
page read and write
|
||
|
258E000
|
stack
|
page read and write
|
||
|
509D000
|
stack
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
9F4000
|
heap
|
page read and write
|
||
|
31AF000
|
heap
|
page read and write
|
||
|
2F5E000
|
unkown
|
page read and write
|
||
|
329F000
|
heap
|
page read and write
|
||
|
BE6000
|
stack
|
page read and write
|
||
|
1277000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF000
|
stack
|
page read and write
|
||
|
512F000
|
stack
|
page read and write
|
||
|
31B8000
|
heap
|
page read and write
|
||
|
106A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5220000
|
trusted library allocation
|
page execute and read and write
|
||
|
50FE000
|
stack
|
page read and write
|
||
|
31AF000
|
heap
|
page read and write
|
||
|
5E7C000
|
stack
|
page read and write
|
||
|
E8F000
|
stack
|
page read and write
|
||
|
4101000
|
trusted library allocation
|
page read and write
|
||
|
5580000
|
heap
|
page read and write
|
||
|
3A2F000
|
trusted library allocation
|
page read and write
|
||
|
3A4F000
|
trusted library allocation
|
page read and write
|
||
|
14EE000
|
stack
|
page read and write
|
||
|
4F5F000
|
stack
|
page read and write
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
5D7C000
|
stack
|
page read and write
|
||
|
31C5000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
A5B000
|
heap
|
page read and write
|
||
|
319C000
|
heap
|
page read and write
|
||
|
129A000
|
trusted library allocation
|
page execute and read and write
|
||
|
A5C000
|
unkown
|
page readonly
|
||
|
900000
|
heap
|
page read and write
|
||
|
31C9000
|
heap
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
A0D000
|
heap
|
page read and write
|
||
|
F22000
|
trusted library allocation
|
page read and write
|
||
|
53E000
|
unkown
|
page read and write
|
||
|
31AA000
|
heap
|
page read and write
|
||
|
1287000
|
trusted library allocation
|
page execute and read and write
|
||
|
ED7000
|
trusted library allocation
|
page read and write
|
||
|
5380000
|
trusted library allocation
|
page execute and read and write
|
||
|
EFE000
|
unkown
|
page read and write
|
||
|
1292000
|
trusted library allocation
|
page execute and read and write
|
||
|
55B000
|
heap
|
page read and write
|
||
|
2B3E000
|
trusted library allocation
|
page read and write
|
||
|
583E000
|
stack
|
page read and write
|
||
|
C3E000
|
stack
|
page read and write
|
||
|
A6E000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
E15000
|
heap
|
page read and write
|
||
|
2FF0000
|
heap
|
page read and write
|
||
|
5480000
|
trusted library allocation
|
page execute and read and write
|
||
|
5210000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
trusted library allocation
|
page read and write
|
||
|
32A8000
|
heap
|
page read and write
|
||
|
4EC000
|
stack
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
1050000
|
trusted library allocation
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
10AF000
|
heap
|
page read and write
|
||
|
31CB000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
4FDF000
|
stack
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
5ABE000
|
stack
|
page read and write
|
||
|
520E000
|
stack
|
page read and write
|
||
|
9CF000
|
stack
|
page read and write
|
||
|
32BE000
|
heap
|
page read and write
|
||
|
A48000
|
heap
|
page read and write
|
||
|
D8F000
|
stack
|
page read and write
|
||
|
BFF000
|
stack
|
page read and write
|
||
|
31AB000
|
heap
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
31CC000
|
heap
|
page read and write
|
||
|
4D6C000
|
stack
|
page read and write
|
||
|
F2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3278000
|
heap
|
page read and write
|
||
|
268E000
|
stack
|
page read and write
|
||
|
A88000
|
heap
|
page read and write
|
||
|
E0F000
|
stack
|
page read and write
|
||
|
5DE000
|
unkown
|
page read and write
|
||
|
2D2E000
|
stack
|
page read and write
|
||
|
BE9000
|
stack
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
A5F000
|
heap
|
page read and write
|
||
|
F27000
|
trusted library allocation
|
page execute and read and write
|
||
|
328F000
|
heap
|
page read and write
|
||
|
EF2000
|
trusted library allocation
|
page execute and read and write
|
||
|
50A0000
|
unclassified section
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
B7F000
|
stack
|
page read and write
|
||
|
4BDD000
|
stack
|
page read and write
|
||
|
319D000
|
heap
|
page read and write
|
||
|
127C000
|
trusted library allocation
|
page execute and read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
328C000
|
heap
|
page read and write
|
||
|
2C2F000
|
stack
|
page read and write
|
||
|
2FDE000
|
stack
|
page read and write
|
||
|
4ADC000
|
stack
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
3188000
|
heap
|
page read and write
|
||
|
31C7000
|
heap
|
page read and write
|
||
|
47C000
|
stack
|
page read and write
|
||
|
4BE5000
|
trusted library allocation
|
page read and write
|
||
|
31C4000
|
heap
|
page read and write
|
||
|
5FDE000
|
stack
|
page read and write
|
||
|
EBF000
|
stack
|
page read and write
|
||
|
A8B000
|
heap
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
3A90000
|
trusted library allocation
|
page read and write
|
||
|
1078000
|
heap
|
page read and write
|
||
|
40BF000
|
trusted library allocation
|
page read and write
|
||
|
32BF000
|
heap
|
page read and write
|
||
|
945000
|
heap
|
page read and write
|
||
|
4D00000
|
trusted library allocation
|
page execute and read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
329F000
|
heap
|
page read and write
|
||
|
E70000
|
heap
|
page read and write
|
||
|
A32000
|
unkown
|
page readonly
|
||
|
90F000
|
unkown
|
page read and write
|
||
|
307E000
|
stack
|
page read and write
|
||
|
5130000
|
heap
|
page read and write
|
||
|
BCC000
|
stack
|
page read and write
|
||
|
4C00000
|
heap
|
page read and write
|
||
|
548000
|
heap
|
page read and write
|
||
|
2ACC000
|
trusted library allocation
|
page read and write
|
||
|
12AB000
|
trusted library allocation
|
page execute and read and write
|
||
|
D20000
|
heap
|
page execute and read and write
|
||
|
F0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
506E000
|
stack
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
4C03000
|
heap
|
page read and write
|
||
|
5EDE000
|
stack
|
page read and write
|
||
|
59BE000
|
stack
|
page read and write
|
||
|
10F4000
|
heap
|
page read and write
|
There are 268 hidden memdumps, click here to show them.