Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
voj5cnRxyy.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\voj5cnRxyy.exe
|
"C:\Users\user\Desktop\voj5cnRxyy.exe"
|
|
|
|
C:\Windows\SysWOW64\netsh.exe
|
netsh firewall add allowedprogram "C:\Users\user\Desktop\voj5cnRxyy.exe" "voj5cnRxyy.exe" ENABLE
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
troia23.duckdns.org
|
18.229.140.246
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
18.229.140.246
|
troia23.duckdns.org
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER
|
di
|
|
|
|
HKEY_CURRENT_USER\Environment
|
SEE_MASK_NOZONECHECKS
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\bcb4c719d2ef301534574d61226c5663
|
[kl]
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3D2000
|
unkown
|
page readonly
|
|
|
|
AE5000
|
heap
|
page read and write
|
||
|
111A000
|
heap
|
page read and write
|
||
|
107A000
|
heap
|
page read and write
|
||
|
108D000
|
heap
|
page read and write
|
||
|
D0B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1072000
|
heap
|
page read and write
|
||
|
CDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
108C000
|
heap
|
page read and write
|
||
|
1115000
|
heap
|
page read and write
|
||
|
10F5000
|
heap
|
page read and write
|
||
|
10CD000
|
heap
|
page read and write
|
||
|
10B3000
|
heap
|
page read and write
|
||
|
CF2000
|
trusted library allocation
|
page execute and read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
10C3000
|
heap
|
page read and write
|
||
|
4CAB000
|
stack
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
2AE5000
|
trusted library allocation
|
page read and write
|
||
|
A68000
|
heap
|
page read and write
|
||
|
4D29000
|
stack
|
page read and write
|
||
|
5190000
|
trusted library allocation
|
page execute and read and write
|
||
|
107A000
|
heap
|
page read and write
|
||
|
A6E000
|
heap
|
page read and write
|
||
|
1078000
|
heap
|
page read and write
|
||
|
108C000
|
heap
|
page read and write
|
||
|
DBC000
|
stack
|
page read and write
|
||
|
2DDE000
|
trusted library allocation
|
page read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
1094000
|
heap
|
page read and write
|
||
|
110F000
|
heap
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
10CA000
|
heap
|
page read and write
|
||
|
10AF000
|
heap
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
2AB1000
|
trusted library allocation
|
page read and write
|
||
|
945000
|
heap
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
567A000
|
heap
|
page read and write
|
||
|
10F5000
|
heap
|
page read and write
|
||
|
CA0000
|
heap
|
page read and write
|
||
|
10CE000
|
heap
|
page read and write
|
||
|
5666000
|
heap
|
page read and write
|
||
|
10BB000
|
heap
|
page read and write
|
||
|
566F000
|
heap
|
page read and write
|
||
|
106D000
|
heap
|
page read and write
|
||
|
108C000
|
heap
|
page read and write
|
||
|
110F000
|
heap
|
page read and write
|
||
|
1068000
|
heap
|
page read and write
|
||
|
1068000
|
heap
|
page read and write
|
||
|
106C000
|
heap
|
page read and write
|
||
|
111B000
|
heap
|
page read and write
|
||
|
D9B000
|
stack
|
page read and write
|
||
|
1057000
|
heap
|
page read and write
|
||
|
10AF000
|
heap
|
page read and write
|
||
|
2B09000
|
trusted library allocation
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
108D000
|
heap
|
page read and write
|
||
|
5640000
|
heap
|
page read and write
|
||
|
D07000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D50000
|
heap
|
page read and write
|
||
|
10F5000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
1055000
|
heap
|
page read and write
|
||
|
10C5000
|
heap
|
page read and write
|
||
|
10B4000
|
heap
|
page read and write
|
||
|
CD2000
|
trusted library allocation
|
page execute and read and write
|
||
|
1078000
|
heap
|
page read and write
|
||
|
7FB60000
|
trusted library allocation
|
page execute and read and write
|
||
|
10BB000
|
heap
|
page read and write
|
||
|
3D0000
|
unkown
|
page readonly
|
||
|
10B9000
|
heap
|
page read and write
|
||
|
4C10000
|
trusted library allocation
|
page read and write
|
||
|
276E000
|
stack
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
CEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
102A000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
10C6000
|
heap
|
page read and write
|
||
|
55DF000
|
stack
|
page read and write
|
||
|
108F000
|
heap
|
page read and write
|
||
|
4CEC000
|
stack
|
page read and write
|
||
|
10F5000
|
heap
|
page read and write
|
||
|
115E000
|
unkown
|
page read and write
|
||
|
10C7000
|
heap
|
page read and write
|
||
|
10CA000
|
heap
|
page read and write
|
||
|
10B7000
|
heap
|
page read and write
|
||
|
5661000
|
heap
|
page read and write
|
||
|
5679000
|
heap
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
10BF000
|
heap
|
page read and write
|
||
|
107B000
|
heap
|
page read and write
|
||
|
1094000
|
heap
|
page read and write
|
||
|
4CB0000
|
heap
|
page read and write
|
||
|
10BD000
|
heap
|
page read and write
|
||
|
4D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
1072000
|
heap
|
page read and write
|
||
|
566F000
|
heap
|
page read and write
|
||
|
C94000
|
trusted library allocation
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
C90000
|
trusted library allocation
|
page read and write
|
||
|
5662000
|
heap
|
page read and write
|
||
|
10C7000
|
heap
|
page read and write
|
||
|
10CC000
|
heap
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
10C6000
|
heap
|
page read and write
|
||
|
E90000
|
trusted library allocation
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
DC6000
|
heap
|
page read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
D93000
|
stack
|
page read and write
|
||
|
5060000
|
heap
|
page read and write
|
||
|
106C000
|
heap
|
page read and write
|
||
|
107A000
|
heap
|
page read and write
|
||
|
EA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E5E000
|
stack
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
10C3000
|
heap
|
page read and write
|
||
|
766000
|
stack
|
page read and write
|
||
|
CD0000
|
trusted library allocation
|
page read and write
|
||
|
10BD000
|
heap
|
page read and write
|
||
|
B13000
|
heap
|
page read and write
|
||
|
4DA0000
|
unclassified section
|
page read and write
|
||
|
106A000
|
heap
|
page read and write
|
||
|
10C2000
|
heap
|
page read and write
|
||
|
10D1000
|
heap
|
page read and write
|
||
|
3AB1000
|
trusted library allocation
|
page read and write
|
||
|
10B5000
|
heap
|
page read and write
|
||
|
EB3000
|
heap
|
page read and write
|
||
|
566F000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page execute and read and write
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
111A000
|
heap
|
page read and write
|
||
|
10C3000
|
heap
|
page read and write
|
||
|
1119000
|
heap
|
page read and write
|
||
|
108E000
|
heap
|
page read and write
|
||
|
10C7000
|
heap
|
page read and write
|
||
|
2DDA000
|
trusted library allocation
|
page read and write
|
||
|
C9B000
|
stack
|
page read and write
|
||
|
110F000
|
heap
|
page read and write
|
||
|
CE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
10BB000
|
heap
|
page read and write
|
||
|
2ABD000
|
trusted library allocation
|
page read and write
|
||
|
C97000
|
trusted library allocation
|
page read and write
|
||
|
1114000
|
heap
|
page read and write
|
||
|
4C6C000
|
stack
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
11C5000
|
heap
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
66A000
|
stack
|
page read and write
|
||
|
5240000
|
heap
|
page read and write
|
||
|
DD8000
|
trusted library allocation
|
page read and write
|
||
|
1116000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
10C3000
|
heap
|
page read and write
|
||
|
10BA000
|
heap
|
page read and write
|
||
|
10B6000
|
heap
|
page read and write
|
||
|
110F000
|
heap
|
page read and write
|
||
|
CB2000
|
trusted library allocation
|
page execute and read and write
|
||
|
1073000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
107B000
|
heap
|
page read and write
|
||
|
10BD000
|
heap
|
page read and write
|
||
|
1078000
|
heap
|
page read and write
|
||
|
10B5000
|
heap
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
10BD000
|
heap
|
page read and write
|
||
|
4BAE000
|
stack
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
111E000
|
heap
|
page read and write
|
||
|
111D000
|
heap
|
page read and write
|
||
|
2B2D000
|
trusted library allocation
|
page read and write
|
||
|
110F000
|
heap
|
page read and write
|
||
|
5676000
|
heap
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
10BD000
|
heap
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
5678000
|
heap
|
page read and write
|
||
|
106F000
|
heap
|
page read and write
|
||
|
10C2000
|
heap
|
page read and write
|
||
|
CBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1068000
|
heap
|
page read and write
|
||
|
1111000
|
heap
|
page read and write
|
||
|
5677000
|
heap
|
page read and write
|
||
|
10B8000
|
heap
|
page read and write
|
||
|
10F5000
|
heap
|
page read and write
|
||
|
A9E000
|
heap
|
page read and write
|
||
|
54DE000
|
stack
|
page read and write
|
||
|
566C000
|
heap
|
page read and write
|
||
|
5661000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
10B5000
|
heap
|
page read and write
|
||
|
10C2000
|
heap
|
page read and write
|
||
|
10CD000
|
heap
|
page read and write
|
||
|
106B000
|
heap
|
page read and write
|
||
|
CFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
111C000
|
heap
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
D02000
|
trusted library allocation
|
page read and write
|
||
|
10CC000
|
heap
|
page read and write
|
||
|
10C8000
|
heap
|
page read and write
|
||
|
10B9000
|
heap
|
page read and write
|
||
|
1176000
|
heap
|
page read and write
|
||
|
1075000
|
heap
|
page read and write
|
||
|
566A000
|
heap
|
page read and write
|
||
|
566F000
|
heap
|
page read and write
|
||
|
10BA000
|
heap
|
page read and write
|
||
|
4C20000
|
trusted library allocation
|
page read and write
|
||
|
10CC000
|
heap
|
page read and write
|
||
|
10BF000
|
heap
|
page read and write
|
||
|
106C000
|
heap
|
page read and write
|
||
|
139E000
|
unkown
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
10BE000
|
heap
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
AD7000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
There are 211 hidden memdumps, click here to show them.