Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
1x6jzcZeRu.exe
|
PE32+ executable (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\1x6jzcZeRu.exe
|
"C:\Users\user\Desktop\1x6jzcZeRu.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
156.255.2.100
|
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.js53011b87bd06M
|
unknown
|
||
|
http://code.jquery.com/
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsography
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsV
|
unknown
|
||
|
https://156.255.2.100/
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsY
|
unknown
|
||
|
https://156.255.2.100:18896/dlliCe
|
unknown
|
||
|
https://156.255.2.100:18896/
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsyptnetUrlCache
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsrovider
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jspXS
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.js$Y
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsl
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.js.
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.js
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.js2
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsr
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsxX
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.js9
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsoint:V
|
unknown
|
||
|
https://156.255.2.100:18896/SMF
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsrovider9
|
unknown
|
||
|
http://code.jquery.com/9
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsy~Z
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsvider
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.js%
|
unknown
|
||
|
https://156.255.2.100:18896/jquery-3.3.1.min.jsvider8Xk
|
unknown
|
||
|
https://156.255.2.100:18896/l
|
unknown
|
There are 19 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
156.255.2.100
|
unknown
|
Seychelles
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
C000180000
|
direct allocation
|
page read and write
|
|
|
|
14673FE0000
|
direct allocation
|
page execute read
|
|
|
|
14674DC0000
|
direct allocation
|
page execute read
|
|
|
|
14674061000
|
direct allocation
|
page read and write
|
|
|
|
C000104000
|
direct allocation
|
page read and write
|
||
|
C000060000
|
direct allocation
|
page read and write
|
||
|
14674A24000
|
heap
|
page read and write
|
||
|
1464D408000
|
direct allocation
|
page read and write
|
||
|
1464D4BA000
|
heap
|
page read and write
|
||
|
14674A4F000
|
heap
|
page read and write
|
||
|
1464D4DD000
|
heap
|
page read and write
|
||
|
14674991000
|
heap
|
page read and write
|
||
|
E051FE000
|
stack
|
page read and write
|
||
|
1464D45C000
|
heap
|
page read and write
|
||
|
E05DFB000
|
stack
|
page read and write
|
||
|
E05FFD000
|
stack
|
page read and write
|
||
|
14674A09000
|
heap
|
page read and write
|
||
|
C00003D000
|
direct allocation
|
page read and write
|
||
|
1464D4B4000
|
heap
|
page read and write
|
||
|
14674A36000
|
heap
|
page read and write
|
||
|
1D5000
|
unkown
|
page read and write
|
||
|
14674A09000
|
heap
|
page read and write
|
||
|
C000028000
|
direct allocation
|
page read and write
|
||
|
14674A2A000
|
heap
|
page read and write
|
||
|
C000044000
|
direct allocation
|
page read and write
|
||
|
1464D404000
|
direct allocation
|
page read and write
|
||
|
14674AB1000
|
heap
|
page read and write
|
||
|
14674A36000
|
heap
|
page read and write
|
||
|
C00002A000
|
direct allocation
|
page read and write
|
||
|
1464D440000
|
direct allocation
|
page read and write
|
||
|
146749B8000
|
heap
|
page read and write
|
||
|
1464D54A000
|
heap
|
page read and write
|
||
|
1D7000
|
unkown
|
page write copy
|
||
|
1464D532000
|
heap
|
page read and write
|
||
|
14674DC1000
|
direct allocation
|
page read and write
|
||
|
14674A3C000
|
heap
|
page read and write
|
||
|
14672800000
|
direct allocation
|
page read and write
|
||
|
1464D40A000
|
direct allocation
|
page read and write
|
||
|
C000114000
|
direct allocation
|
page read and write
|
||
|
14674A36000
|
heap
|
page read and write
|
||
|
14674A36000
|
heap
|
page read and write
|
||
|
14674B88000
|
heap
|
page read and write
|
||
|
14674A01000
|
heap
|
page read and write
|
||
|
14674A1B000
|
heap
|
page read and write
|
||
|
14674A3F000
|
heap
|
page read and write
|
||
|
1467407D000
|
direct allocation
|
page read and write
|
||
|
14674A3C000
|
heap
|
page read and write
|
||
|
C00002D000
|
direct allocation
|
page read and write
|
||
|
14674082000
|
direct allocation
|
page read and write
|
||
|
14674AB0000
|
heap
|
page read and write
|
||
|
1D8000
|
unkown
|
page read and write
|
||
|
C000038000
|
direct allocation
|
page read and write
|
||
|
14674A24000
|
heap
|
page read and write
|
||
|
1464D52F000
|
heap
|
page read and write
|
||
|
E4000
|
unkown
|
page readonly
|
||
|
1464D4FC000
|
heap
|
page read and write
|
||
|
C000065000
|
direct allocation
|
page read and write
|
||
|
14674A17000
|
heap
|
page read and write
|
||
|
1464D40C000
|
direct allocation
|
page read and write
|
||
|
14674A51000
|
heap
|
page read and write
|
||
|
C000002000
|
direct allocation
|
page read and write
|
||
|
C000116000
|
direct allocation
|
page read and write
|
||
|
1464D54C000
|
heap
|
page read and write
|
||
|
60000
|
unkown
|
page readonly
|
||
|
1D5000
|
unkown
|
page write copy
|
||
|
14674A09000
|
heap
|
page read and write
|
||
|
14674AB1000
|
heap
|
page read and write
|
||
|
14674990000
|
heap
|
page read and write
|
||
|
14674A09000
|
heap
|
page read and write
|
||
|
14674A4F000
|
heap
|
page read and write
|
||
|
1464D4C0000
|
heap
|
page read and write
|
||
|
1464D450000
|
heap
|
page read and write
|
||
|
C00004D000
|
direct allocation
|
page read and write
|
||
|
14674A3C000
|
heap
|
page read and write
|
||
|
1464D52C000
|
heap
|
page read and write
|
||
|
1464D532000
|
heap
|
page read and write
|
||
|
26C000
|
unkown
|
page read and write
|
||
|
1467407A000
|
direct allocation
|
page read and write
|
||
|
1FE000
|
unkown
|
page read and write
|
||
|
14674AD5000
|
heap
|
page read and write
|
||
|
14674980000
|
remote allocation
|
page read and write
|
||
|
61000
|
unkown
|
page execute read
|
||
|
276000
|
unkown
|
page readonly
|
||
|
1464D581000
|
direct allocation
|
page read and write
|
||
|
E4000
|
unkown
|
page readonly
|
||
|
275000
|
unkown
|
page write copy
|
||
|
275000
|
unkown
|
page write copy
|
||
|
C000010000
|
direct allocation
|
page read and write
|
||
|
1464D3D0000
|
heap
|
page read and write
|
||
|
C00005C000
|
direct allocation
|
page read and write
|
||
|
E4000
|
unkown
|
page readonly
|
||
|
14674A17000
|
heap
|
page read and write
|
||
|
276000
|
unkown
|
page readonly
|
||
|
1464D5F5000
|
heap
|
page read and write
|
||
|
14674A27000
|
heap
|
page read and write
|
||
|
14674B00000
|
heap
|
page read and write
|
||
|
14674B88000
|
heap
|
page read and write
|
||
|
204000
|
unkown
|
page read and write
|
||
|
146744BF000
|
heap
|
page read and write
|
||
|
C000118000
|
direct allocation
|
page read and write
|
||
|
14674A36000
|
heap
|
page read and write
|
||
|
1464D532000
|
heap
|
page read and write
|
||
|
C000006000
|
direct allocation
|
page read and write
|
||
|
14674A3C000
|
heap
|
page read and write
|
||
|
14674A46000
|
heap
|
page read and write
|
||
|
60000
|
unkown
|
page readonly
|
||
|
14674A1B000
|
heap
|
page read and write
|
||
|
E04FFF000
|
stack
|
page read and write
|
||
|
14674077000
|
direct allocation
|
page read and write
|
||
|
C000100000
|
direct allocation
|
page read and write
|
||
|
14674B8B000
|
heap
|
page read and write
|
||
|
1464D400000
|
direct allocation
|
page read and write
|
||
|
14674A24000
|
heap
|
page read and write
|
||
|
14674B37000
|
heap
|
page read and write
|
||
|
14674080000
|
direct allocation
|
page read and write
|
||
|
146749DA000
|
heap
|
page read and write
|
||
|
14674980000
|
remote allocation
|
page read and write
|
||
|
14674A3C000
|
heap
|
page read and write
|
||
|
C00000C000
|
direct allocation
|
page read and write
|
||
|
14674B00000
|
heap
|
page read and write
|
||
|
C00011C000
|
direct allocation
|
page read and write
|
||
|
E05BFE000
|
stack
|
page read and write
|
||
|
61000
|
unkown
|
page execute read
|
||
|
14674B0B000
|
heap
|
page read and write
|
||
|
270000
|
unkown
|
page readonly
|
||
|
14674B88000
|
heap
|
page read and write
|
||
|
1464D4DD000
|
heap
|
page read and write
|
||
|
C00000E000
|
direct allocation
|
page read and write
|
||
|
14674980000
|
remote allocation
|
page read and write
|
||
|
14674A3C000
|
heap
|
page read and write
|
||
|
14674A3C000
|
heap
|
page read and write
|
||
|
14674B5C000
|
heap
|
page read and write
|
||
|
14674A62000
|
heap
|
page read and write
|
||
|
1464D530000
|
heap
|
page read and write
|
||
|
C000102000
|
direct allocation
|
page read and write
|
||
|
E057FD000
|
stack
|
page read and write
|
||
|
14674B37000
|
heap
|
page read and write
|
||
|
14674ADD000
|
heap
|
page read and write
|
||
|
270000
|
unkown
|
page readonly
|
||
|
1464D52C000
|
heap
|
page read and write
|
||
|
1464D4C1000
|
heap
|
page read and write
|
||
|
14674A27000
|
heap
|
page read and write
|
||
|
1464D464000
|
heap
|
page read and write
|
||
|
C000080000
|
direct allocation
|
page read and write
|
||
|
14674A01000
|
heap
|
page read and write
|
||
|
14674A1B000
|
heap
|
page read and write
|
||
|
1464D4F8000
|
heap
|
page read and write
|
||
|
14674A2A000
|
heap
|
page read and write
|
||
|
1464D2D0000
|
heap
|
page read and write
|
||
|
14674B0A000
|
heap
|
page read and write
|
||
|
1464D54A000
|
heap
|
page read and write
|
||
|
E059FB000
|
stack
|
page read and write
|
||
|
1464D4FC000
|
heap
|
page read and write
|
||
|
1464D5F0000
|
heap
|
page read and write
|
||
|
C00010E000
|
direct allocation
|
page read and write
|
||
|
14674A17000
|
heap
|
page read and write
|
||
|
14674A1A000
|
heap
|
page read and write
|
||
|
14674A36000
|
heap
|
page read and write
|
||
|
1464D4FC000
|
heap
|
page read and write
|
||
|
14674A17000
|
heap
|
page read and write
|
||
|
1464D3B0000
|
heap
|
page read and write
|
||
|
14674A36000
|
heap
|
page read and write
|
||
|
E04BFE000
|
stack
|
page read and write
|
||
|
1464D4FA000
|
heap
|
page read and write
|
||
|
14674A3C000
|
heap
|
page read and write
|
||
|
E04DFF000
|
stack
|
page read and write
|
||
|
14674AB1000
|
heap
|
page read and write
|
||
|
C00002F000
|
direct allocation
|
page read and write
|
||
|
E047FA000
|
stack
|
page read and write
|
||
|
14674030000
|
direct allocation
|
page execute read
|
||
|
14674B90000
|
heap
|
page read and write
|
||
|
146749E2000
|
heap
|
page read and write
|
||
|
14674A09000
|
heap
|
page read and write
|
||
|
C000004000
|
direct allocation
|
page read and write
|
||
|
14674B91000
|
heap
|
page read and write
|
||
|
E061FF000
|
stack
|
page read and write
|
||
|
C00003F000
|
direct allocation
|
page read and write
|
||
|
14674A4F000
|
heap
|
page read and write
|
||
|
1464D52C000
|
heap
|
page read and write
|
||
|
14674A24000
|
heap
|
page read and write
|
||
|
C000012000
|
direct allocation
|
page read and write
|
||
|
14674B0A000
|
heap
|
page read and write
|
||
|
61000
|
unkown
|
page execute read
|
||
|
14674A1A000
|
heap
|
page read and write
|
||
|
14674A2A000
|
heap
|
page read and write
|
||
|
14674A01000
|
heap
|
page read and write
|
||
|
146749B9000
|
heap
|
page read and write
|
||
|
14674A36000
|
heap
|
page read and write
|
||
|
14674B5C000
|
heap
|
page read and write
|
||
|
14674A51000
|
heap
|
page read and write
|
||
|
14674B92000
|
heap
|
page read and write
|
||
|
14674A29000
|
heap
|
page read and write
|
||
|
14674A24000
|
heap
|
page read and write
|
||
|
C000016000
|
direct allocation
|
page read and write
|
||
|
1464D583000
|
direct allocation
|
page read and write
|
||
|
14674B90000
|
heap
|
page read and write
|
||
|
C000014000
|
direct allocation
|
page read and write
|
||
|
C00010C000
|
direct allocation
|
page read and write
|
||
|
C000018000
|
direct allocation
|
page read and write
|
||
|
1464D532000
|
heap
|
page read and write
|
There are 190 hidden memdumps, click here to show them.