Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Quote1.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\undiscernibly
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Quote1.exe
|
"C:\Users\user\Desktop\Quote1.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\Desktop\Quote1.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.telegram.org
|
unknown
|
|
|
|
https://api.telegram.org/bot
|
unknown
|
|
|
|
http://checkip.dyndns.org/
|
132.226.8.169
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
http://reallyfreegeoip.org
|
unknown
|
||
|
https://reallyfreegeoip.org
|
unknown
|
||
|
https://api.telegram.org/bot7875791011:AAE04KxIyEpkKPdll3baXne01itunMyk28Y/sendDocument?chat_id=8177
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://api.telegram.org
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/173.254.250.815
|
unknown
|
||
|
https://api.telegram.org/bot7875791011:AAE04KxIyEpkKPdll3baXne01itunMyk28Y/sendDocument?chat_id=8177481203&caption=user%20/%20Passwords%20/%20173.254.250.81
|
149.154.167.220
|
||
|
https://api.telegram.org/bot-/sendDocument?chat_id=
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/173.254.250.81
|
188.114.96.3
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 6 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
reallyfreegeoip.org
|
188.114.96.3
|
|
|
|
api.telegram.org
|
149.154.167.220
|
|
|
|
checkip.dyndns.org
|
unknown
|
|
|
|
206.23.85.13.in-addr.arpa
|
unknown
|
|
|
|
checkip.dyndns.com
|
132.226.8.169
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
|
|
|
188.114.96.3
|
reallyfreegeoip.org
|
European Union
|
|
|
|
132.226.8.169
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D30000
|
trusted library section
|
page read and write
|
|
|
|
4171000
|
trusted library allocation
|
page read and write
|
|
|
|
5730000
|
trusted library section
|
page read and write
|
|
|
|
3306000
|
trusted library allocation
|
page read and write
|
|
|
|
2E80000
|
heap
|
page read and write
|
|
|
|
2F6F000
|
heap
|
page read and write
|
||
|
3E7C000
|
heap
|
page read and write
|
||
|
6727000
|
trusted library allocation
|
page read and write
|
||
|
526E000
|
stack
|
page read and write
|
||
|
A35000
|
heap
|
page read and write
|
||
|
66E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C37000
|
trusted library allocation
|
page execute and read and write
|
||
|
441A000
|
heap
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
66F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
8B4000
|
stack
|
page read and write
|
||
|
6CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4259000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
41E4000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
56F6000
|
trusted library allocation
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
580D000
|
stack
|
page read and write
|
||
|
32F4000
|
trusted library allocation
|
page read and write
|
||
|
2BF4000
|
trusted library allocation
|
page read and write
|
||
|
3E36000
|
heap
|
page read and write
|
||
|
5722000
|
trusted library allocation
|
page read and write
|
||
|
3040000
|
trusted library allocation
|
page read and write
|
||
|
6720000
|
trusted library allocation
|
page read and write
|
||
|
89F000
|
stack
|
page read and write
|
||
|
318E000
|
trusted library allocation
|
page read and write
|
||
|
488D000
|
direct allocation
|
page read and write
|
||
|
4011000
|
heap
|
page read and write
|
||
|
56EF000
|
stack
|
page read and write
|
||
|
1197000
|
heap
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
2C32000
|
trusted library allocation
|
page read and write
|
||
|
318A000
|
trusted library allocation
|
page read and write
|
||
|
316E000
|
stack
|
page read and write
|
||
|
5760000
|
heap
|
page execute and read and write
|
||
|
4011000
|
heap
|
page read and write
|
||
|
46E3000
|
direct allocation
|
page read and write
|
||
|
3244000
|
heap
|
page read and write
|
||
|
31CD000
|
trusted library allocation
|
page read and write
|
||
|
2C2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
31A1000
|
trusted library allocation
|
page read and write
|
||
|
A1E000
|
stack
|
page read and write
|
||
|
3E63000
|
heap
|
page read and write
|
||
|
324D000
|
trusted library allocation
|
page read and write
|
||
|
6CCF000
|
stack
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
33A5000
|
trusted library allocation
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
3F14000
|
heap
|
page read and write
|
||
|
58E4000
|
heap
|
page read and write
|
||
|
32C7000
|
trusted library allocation
|
page read and write
|
||
|
31B4000
|
trusted library allocation
|
page read and write
|
||
|
3190000
|
trusted library allocation
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
2C13000
|
trusted library allocation
|
page read and write
|
||
|
2C26000
|
trusted library allocation
|
page execute and read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
31BE000
|
trusted library allocation
|
page read and write
|
||
|
4A7000
|
unkown
|
page read and write
|
||
|
3F22000
|
heap
|
page read and write
|
||
|
3300000
|
trusted library allocation
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
327D000
|
trusted library allocation
|
page read and write
|
||
|
6730000
|
trusted library allocation
|
page read and write
|
||
|
31CB000
|
trusted library allocation
|
page read and write
|
||
|
488D000
|
direct allocation
|
page read and write
|
||
|
48FE000
|
direct allocation
|
page read and write
|
||
|
5702000
|
trusted library allocation
|
page read and write
|
||
|
2C30000
|
trusted library allocation
|
page read and write
|
||
|
671D000
|
trusted library allocation
|
page read and write
|
||
|
B8A000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
4014000
|
heap
|
page read and write
|
||
|
67B0000
|
heap
|
page read and write
|
||
|
3250000
|
trusted library allocation
|
page read and write
|
||
|
48FE000
|
direct allocation
|
page read and write
|
||
|
48FE000
|
direct allocation
|
page read and write
|
||
|
692E000
|
stack
|
page read and write
|
||
|
317C000
|
trusted library allocation
|
page read and write
|
||
|
1940000
|
heap
|
page read and write
|
||
|
114D000
|
heap
|
page read and write
|
||
|
2BF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
40B9000
|
heap
|
page read and write
|
||
|
5C0E000
|
stack
|
page read and write
|
||
|
2BFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5780000
|
trusted library allocation
|
page read and write
|
||
|
421A000
|
trusted library allocation
|
page read and write
|
||
|
329F000
|
trusted library allocation
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
318C000
|
trusted library allocation
|
page read and write
|
||
|
3177000
|
trusted library allocation
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
398E000
|
stack
|
page read and write
|
||
|
46E3000
|
direct allocation
|
page read and write
|
||
|
3169000
|
heap
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
3030000
|
heap
|
page execute and read and write
|
||
|
33E3000
|
trusted library allocation
|
page read and write
|
||
|
2C10000
|
trusted library allocation
|
page read and write
|
||
|
56FE000
|
trusted library allocation
|
page read and write
|
||
|
46E3000
|
direct allocation
|
page read and write
|
||
|
3197000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
A47000
|
heap
|
page read and write
|
||
|
6FC0000
|
heap
|
page read and write
|
||
|
3E17000
|
heap
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
6A6E000
|
stack
|
page read and write
|
||
|
8AF000
|
stack
|
page read and write
|
||
|
46E3000
|
direct allocation
|
page read and write
|
||
|
4889000
|
direct allocation
|
page read and write
|
||
|
3171000
|
trusted library allocation
|
page read and write
|
||
|
488D000
|
direct allocation
|
page read and write
|
||
|
3188000
|
trusted library allocation
|
page read and write
|
||
|
31D9000
|
trusted library allocation
|
page read and write
|
||
|
DEE000
|
stack
|
page read and write
|
||
|
2CC0000
|
heap
|
page read and write
|
||
|
671B000
|
trusted library allocation
|
page read and write
|
||
|
31CF000
|
trusted library allocation
|
page read and write
|
||
|
3E33000
|
heap
|
page read and write
|
||
|
488D000
|
direct allocation
|
page read and write
|
||
|
3288000
|
trusted library allocation
|
page read and write
|
||
|
2C3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F0B000
|
heap
|
page read and write
|
||
|
4889000
|
direct allocation
|
page read and write
|
||
|
32E3000
|
trusted library allocation
|
page read and write
|
||
|
2BE0000
|
trusted library allocation
|
page read and write
|
||
|
2C03000
|
heap
|
page read and write
|
||
|
4053000
|
heap
|
page read and write
|
||
|
5820000
|
trusted library allocation
|
page read and write
|
||
|
31C6000
|
trusted library allocation
|
page read and write
|
||
|
3D90000
|
heap
|
page read and write
|
||
|
3186000
|
trusted library allocation
|
page read and write
|
||
|
323F000
|
trusted library allocation
|
page read and write
|
||
|
5716000
|
trusted library allocation
|
page read and write
|
||
|
4889000
|
direct allocation
|
page read and write
|
||
|
323C000
|
trusted library allocation
|
page read and write
|
||
|
46E3000
|
direct allocation
|
page read and write
|
||
|
41EE000
|
trusted library allocation
|
page read and write
|
||
|
31BC000
|
trusted library allocation
|
page read and write
|
||
|
3010000
|
trusted library allocation
|
page read and write
|
||
|
3182000
|
trusted library allocation
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
177F000
|
stack
|
page read and write
|
||
|
3EE0000
|
heap
|
page read and write
|
||
|
31A3000
|
trusted library allocation
|
page read and write
|
||
|
D09000
|
stack
|
page read and write
|
||
|
3244000
|
trusted library allocation
|
page read and write
|
||
|
2CAE000
|
stack
|
page read and write
|
||
|
2D10000
|
trusted library allocation
|
page read and write
|
||
|
3D8F000
|
stack
|
page read and write
|
||
|
570E000
|
trusted library allocation
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
490000
|
unkown
|
page write copy
|
||
|
582B000
|
trusted library allocation
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
5810000
|
trusted library allocation
|
page read and write
|
||
|
4010000
|
heap
|
page execute and read and write
|
||
|
3297000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
5912000
|
heap
|
page read and write
|
||
|
6700000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
56FB000
|
trusted library allocation
|
page read and write
|
||
|
56F4000
|
trusted library allocation
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page execute and read and write
|
||
|
5711000
|
trusted library allocation
|
page read and write
|
||
|
66D2000
|
trusted library allocation
|
page read and write
|
||
|
401F000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
31C2000
|
trusted library allocation
|
page read and write
|
||
|
488D000
|
direct allocation
|
page read and write
|
||
|
2C20000
|
trusted library allocation
|
page read and write
|
||
|
31C0000
|
trusted library allocation
|
page read and write
|
||
|
31A7000
|
trusted library allocation
|
page read and write
|
||
|
6C8E000
|
stack
|
page read and write
|
||
|
10F7000
|
stack
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
44CE000
|
heap
|
page read and write
|
||
|
319B000
|
trusted library allocation
|
page read and write
|
||
|
117A000
|
heap
|
page read and write
|
||
|
40B9000
|
heap
|
page read and write
|
||
|
1118000
|
heap
|
page read and write
|
||
|
32DF000
|
trusted library allocation
|
page read and write
|
||
|
11CC000
|
heap
|
page read and write
|
||
|
56F0000
|
trusted library allocation
|
page read and write
|
||
|
2C22000
|
trusted library allocation
|
page read and write
|
||
|
570A000
|
trusted library allocation
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
3247000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
trusted library allocation
|
page read and write
|
||
|
55EE000
|
stack
|
page read and write
|
||
|
329B000
|
trusted library allocation
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
6750000
|
trusted library allocation
|
page execute and read and write
|
||
|
31C9000
|
trusted library allocation
|
page read and write
|
||
|
4021000
|
heap
|
page read and write
|
||
|
48FE000
|
direct allocation
|
page read and write
|
||
|
4889000
|
direct allocation
|
page read and write
|
||
|
3184000
|
trusted library allocation
|
page read and write
|
||
|
6740000
|
trusted library allocation
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
41F1000
|
trusted library allocation
|
page read and write
|
||
|
325C000
|
trusted library allocation
|
page read and write
|
||
|
31A5000
|
trusted library allocation
|
page read and write
|
||
|
48FE000
|
direct allocation
|
page read and write
|
||
|
3293000
|
trusted library allocation
|
page read and write
|
||
|
3E2B000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
490000
|
unkown
|
page read and write
|
||
|
2BBE000
|
stack
|
page read and write
|
||
|
31D1000
|
trusted library allocation
|
page read and write
|
||
|
4889000
|
direct allocation
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
58D0000
|
heap
|
page read and write
|
||
|
6CF0000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
31B6000
|
trusted library allocation
|
page read and write
|
||
|
32BC000
|
trusted library allocation
|
page read and write
|
||
|
426000
|
system
|
page execute and read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
DA5000
|
heap
|
page read and write
|
||
|
436000
|
system
|
page execute and read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
32FB000
|
trusted library allocation
|
page read and write
|
||
|
BBC000
|
heap
|
page read and write
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
2C35000
|
trusted library allocation
|
page execute and read and write
|
||
|
3193000
|
trusted library allocation
|
page read and write
|
||
|
32D1000
|
trusted library allocation
|
page read and write
|
||
|
B8E000
|
heap
|
page read and write
|
||
|
31C4000
|
trusted library allocation
|
page read and write
|
||
|
488D000
|
direct allocation
|
page read and write
|
||
|
3050000
|
direct allocation
|
page read and write
|
||
|
32DA000
|
trusted library allocation
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
30D1000
|
heap
|
page read and write
|
||
|
482000
|
unkown
|
page readonly
|
||
|
4760000
|
direct allocation
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
4AB000
|
unkown
|
page readonly
|
||
|
314A000
|
heap
|
page read and write
|
||
|
696E000
|
stack
|
page read and write
|
||
|
6710000
|
trusted library allocation
|
page read and write
|
||
|
5977000
|
heap
|
page read and write
|
||
|
31A9000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
trusted library allocation
|
page read and write
|
||
|
33E7000
|
trusted library allocation
|
page read and write
|
||
|
45C0000
|
direct allocation
|
page read and write
|
||
|
48FE000
|
direct allocation
|
page read and write
|
||
|
13DE000
|
stack
|
page read and write
|
||
|
DF0000
|
trusted library section
|
page read and write
|
||
|
3F14000
|
heap
|
page read and write
|
||
|
32C1000
|
trusted library allocation
|
page read and write
|
||
|
31AB000
|
trusted library allocation
|
page read and write
|
||
|
46E3000
|
direct allocation
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
2C50000
|
trusted library allocation
|
page read and write
|
||
|
68ED000
|
stack
|
page read and write
|
||
|
70CF000
|
stack
|
page read and write
|
||
|
319F000
|
trusted library allocation
|
page read and write
|
||
|
31D7000
|
trusted library allocation
|
page read and write
|
||
|
571D000
|
trusted library allocation
|
page read and write
|
||
|
482000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
30C5000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
325A000
|
trusted library allocation
|
page read and write
|
||
|
4889000
|
direct allocation
|
page read and write
|
||
|
2C1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
970000
|
heap
|
page read and write
|
There are 275 hidden memdumps, click here to show them.