Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
UOp1kufsuw.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\DNS Host\dnshost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\DNS Host\dnshost.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_UOp1kufsuw.exe_4343b25f289f3e5955695467cabea10b29f50_00000000_d9943c9d-5599-4d1e-8d3e-c6c5c2579d62\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\9E146BE9-C76A-4720-BCDB-53011B87BD06\run.dat
|
Non-ISO extended-ASCII text, with no line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2592.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER25D1.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\UOp1kufsuw.exe
|
"C:\Users\user\Desktop\UOp1kufsuw.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
|
dw20.exe -x -s 2356
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
|||
|
josh289232.duckdns.org
|
|
||
|
http://google.com
|
unknown
|
|
|
|
http://upx.sf.net
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
josh289232.duckdns.org
|
192.169.69.26
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.169.69.26
|
josh289232.duckdns.org
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
DNS Host
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
ProgramId
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
FileId
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
LongPathHash
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
Name
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
OriginalFileName
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
Publisher
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
Version
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
BinFileVersion
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
BinaryType
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
ProductName
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
ProductVersion
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
LinkDate
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
BinProductVersion
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
Size
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
Language
|
||
|
\REGISTRY\A\{a0d602d3-2ad2-ba27-d56f-efba264ee2ff}\Root\InventoryApplicationFile\uop1kufsuw.exe|3a94f5fdeddf2966
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
001800111C20F8F5
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
There are 14 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
862000
|
unkown
|
page readonly
|
|
|
|
40EC000
|
trusted library allocation
|
page read and write
|
|
|
|
5DB0000
|
trusted library section
|
page read and write
|
|
|
|
661E000
|
stack
|
page read and write
|
||
|
11D2000
|
trusted library allocation
|
page execute and read and write
|
||
|
3312000
|
trusted library allocation
|
page read and write
|
||
|
1217000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA5000
|
heap
|
page read and write
|
||
|
52D000
|
heap
|
page read and write
|
||
|
3295000
|
trusted library allocation
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
52F0000
|
heap
|
page execute and read and write
|
||
|
3118000
|
trusted library allocation
|
page read and write
|
||
|
591000
|
heap
|
page read and write
|
||
|
B40000
|
heap
|
page read and write
|
||
|
4FD000
|
heap
|
page read and write
|
||
|
ECA000
|
heap
|
page read and write
|
||
|
52B000
|
heap
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
32E0000
|
trusted library allocation
|
page read and write
|
||
|
3323000
|
trusted library allocation
|
page read and write
|
||
|
97A000
|
stack
|
page read and write
|
||
|
FA9000
|
heap
|
page read and write
|
||
|
340F000
|
trusted library allocation
|
page read and write
|
||
|
32BD000
|
trusted library allocation
|
page read and write
|
||
|
6210000
|
trusted library section
|
page read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
5C00000
|
trusted library allocation
|
page read and write
|
||
|
33FF000
|
trusted library allocation
|
page read and write
|
||
|
F89000
|
heap
|
page read and write
|
||
|
5D50000
|
trusted library section
|
page read and write
|
||
|
33A5000
|
trusted library allocation
|
page read and write
|
||
|
50B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3393000
|
trusted library allocation
|
page read and write
|
||
|
3351000
|
trusted library allocation
|
page read and write
|
||
|
5D40000
|
trusted library section
|
page read and write
|
||
|
8AF000
|
stack
|
page read and write
|
||
|
3250000
|
remote allocation
|
page read and write
|
||
|
1202000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D30000
|
trusted library section
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
33D1000
|
trusted library allocation
|
page read and write
|
||
|
4C5000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
344B000
|
trusted library allocation
|
page read and write
|
||
|
27A0000
|
heap
|
page read and write
|
||
|
5416000
|
heap
|
page execute and read and write
|
||
|
2CEF000
|
stack
|
page read and write
|
||
|
33BF000
|
stack
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
1200000
|
trusted library allocation
|
page read and write
|
||
|
5D80000
|
trusted library allocation
|
page read and write
|
||
|
60CE000
|
stack
|
page read and write
|
||
|
338D000
|
trusted library allocation
|
page read and write
|
||
|
FB6000
|
heap
|
page read and write
|
||
|
5950000
|
trusted library section
|
page read and write
|
||
|
33EB000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
33E5000
|
trusted library allocation
|
page read and write
|
||
|
42FA000
|
trusted library allocation
|
page read and write
|
||
|
32CE000
|
trusted library allocation
|
page read and write
|
||
|
545C000
|
stack
|
page read and write
|
||
|
5F60000
|
heap
|
page execute and read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
3304000
|
trusted library allocation
|
page read and write
|
||
|
2F6F000
|
stack
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
2D2E000
|
stack
|
page read and write
|
||
|
11F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
639C000
|
stack
|
page read and write
|
||
|
1330000
|
heap
|
page execute and read and write
|
||
|
531000
|
heap
|
page read and write
|
||
|
3332000
|
trusted library allocation
|
page read and write
|
||
|
3284000
|
trusted library allocation
|
page read and write
|
||
|
7FB60000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D60000
|
trusted library section
|
page read and write
|
||
|
594E000
|
stack
|
page read and write
|
||
|
33F5000
|
trusted library allocation
|
page read and write
|
||
|
1334000
|
heap
|
page execute and read and write
|
||
|
53F000
|
heap
|
page read and write
|
||
|
58A000
|
heap
|
page read and write
|
||
|
11C0000
|
trusted library allocation
|
page read and write
|
||
|
610E000
|
stack
|
page read and write
|
||
|
2BAD000
|
stack
|
page read and write
|
||
|
1530000
|
trusted library allocation
|
page read and write
|
||
|
331B000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
56C0000
|
trusted library section
|
page read and write
|
||
|
5FCE000
|
stack
|
page read and write
|
||
|
5F70000
|
unclassified section
|
page read and write
|
||
|
33AB000
|
trusted library allocation
|
page read and write
|
||
|
53D000
|
heap
|
page read and write
|
||
|
3367000
|
trusted library allocation
|
page read and write
|
||
|
291E000
|
stack
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
F93000
|
heap
|
page read and write
|
||
|
120C000
|
trusted library allocation
|
page execute and read and write
|
||
|
4072000
|
trusted library allocation
|
page read and write
|
||
|
1545000
|
heap
|
page read and write
|
||
|
5E08000
|
heap
|
page read and write
|
||
|
334A000
|
trusted library allocation
|
page read and write
|
||
|
4020000
|
trusted library allocation
|
page read and write
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
314E000
|
stack
|
page read and write
|
||
|
5F20000
|
trusted library allocation
|
page read and write
|
||
|
3385000
|
trusted library allocation
|
page read and write
|
||
|
599E000
|
stack
|
page read and write
|
||
|
5400000
|
heap
|
page read and write
|
||
|
5EF0000
|
trusted library section
|
page read and write
|
||
|
52D000
|
heap
|
page read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
531000
|
heap
|
page read and write
|
||
|
2C5E000
|
stack
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
532000
|
heap
|
page read and write
|
||
|
3250000
|
remote allocation
|
page read and write
|
||
|
509F000
|
stack
|
page read and write
|
||
|
324E000
|
stack
|
page read and write
|
||
|
FA3000
|
heap
|
page read and write
|
||
|
51B000
|
heap
|
page read and write
|
||
|
33CD000
|
trusted library allocation
|
page read and write
|
||
|
33C3000
|
trusted library allocation
|
page read and write
|
||
|
E15000
|
heap
|
page read and write
|
||
|
3290000
|
trusted library allocation
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
555000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
2FA1000
|
trusted library allocation
|
page read and write
|
||
|
7AF000
|
unkown
|
page read and write
|
||
|
671F000
|
stack
|
page read and write
|
||
|
2E2F000
|
stack
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
5F50000
|
trusted library allocation
|
page read and write
|
||
|
32F2000
|
trusted library allocation
|
page read and write
|
||
|
10BD000
|
stack
|
page read and write
|
||
|
5410000
|
heap
|
page execute and read and write
|
||
|
33BE000
|
trusted library allocation
|
page read and write
|
||
|
32E8000
|
trusted library allocation
|
page read and write
|
||
|
3377000
|
trusted library allocation
|
page read and write
|
||
|
32A2000
|
trusted library allocation
|
page read and write
|
||
|
1278000
|
trusted library allocation
|
page read and write
|
||
|
5270000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AAF000
|
stack
|
page read and write
|
||
|
297E000
|
stack
|
page read and write
|
||
|
1210000
|
trusted library allocation
|
page read and write
|
||
|
5A9E000
|
stack
|
page read and write
|
||
|
332D000
|
trusted library allocation
|
page read and write
|
||
|
40AA000
|
trusted library allocation
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
882000
|
unkown
|
page readonly
|
||
|
40E8000
|
trusted library allocation
|
page read and write
|
||
|
32E2000
|
trusted library allocation
|
page read and write
|
||
|
56A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
FB1000
|
heap
|
page read and write
|
||
|
F01000
|
heap
|
page read and write
|
||
|
5DA0000
|
trusted library section
|
page read and write
|
||
|
5D90000
|
trusted library allocation
|
page execute and read and write
|
||
|
58A000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
1270000
|
trusted library allocation
|
page read and write
|
||
|
58A000
|
heap
|
page read and write
|
||
|
31EB000
|
trusted library allocation
|
page read and write
|
||
|
681E000
|
stack
|
page read and write
|
||
|
4248000
|
trusted library allocation
|
page read and write
|
||
|
5C10000
|
heap
|
page read and write
|
||
|
344F000
|
trusted library allocation
|
page read and write
|
||
|
53D000
|
heap
|
page read and write
|
||
|
3371000
|
trusted library allocation
|
page read and write
|
||
|
330C000
|
trusted library allocation
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
F78000
|
heap
|
page read and write
|
||
|
33D9000
|
trusted library allocation
|
page read and write
|
||
|
570E000
|
stack
|
page read and write
|
||
|
B77000
|
heap
|
page read and write
|
||
|
5D10000
|
trusted library section
|
page read and write
|
||
|
555D000
|
stack
|
page read and write
|
||
|
4052000
|
trusted library allocation
|
page read and write
|
||
|
4AE000
|
stack
|
page read and write
|
||
|
333B000
|
trusted library allocation
|
page read and write
|
||
|
11F2000
|
trusted library allocation
|
page read and write
|
||
|
196000
|
stack
|
page read and write
|
||
|
5DA8000
|
trusted library section
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
11DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
584C000
|
stack
|
page read and write
|
||
|
3357000
|
trusted library allocation
|
page read and write
|
||
|
5DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
64DE000
|
stack
|
page read and write
|
||
|
44E000
|
unkown
|
page read and write
|
||
|
A3C000
|
heap
|
page read and write
|
||
|
5F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
58A000
|
heap
|
page read and write
|
||
|
11E2000
|
trusted library allocation
|
page execute and read and write
|
||
|
32FA000
|
trusted library allocation
|
page read and write
|
||
|
3361000
|
trusted library allocation
|
page read and write
|
||
|
625C000
|
stack
|
page read and write
|
||
|
649D000
|
stack
|
page read and write
|
||
|
50D0000
|
heap
|
page read and write
|
||
|
27D0000
|
heap
|
page read and write
|
||
|
860000
|
unkown
|
page readonly
|
||
|
50D4000
|
heap
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
5DF0000
|
heap
|
page read and write
|
||
|
ECE000
|
heap
|
page read and write
|
||
|
5F3E000
|
trusted library section
|
page read and write
|
||
|
465000
|
heap
|
page read and write
|
||
|
A38000
|
heap
|
page read and write
|
||
|
11FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3250000
|
remote allocation
|
page read and write
|
||
|
32C2000
|
trusted library allocation
|
page read and write
|
||
|
CF6000
|
stack
|
page read and write
|
||
|
501000
|
heap
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
5D70000
|
trusted library section
|
page read and write
|
||
|
32EA000
|
trusted library allocation
|
page read and write
|
||
|
121B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3244000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
503000
|
heap
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
1212000
|
trusted library allocation
|
page read and write
|
||
|
5F30000
|
trusted library section
|
page read and write
|
||
|
580F000
|
stack
|
page read and write
|
||
|
58B000
|
heap
|
page read and write
|
||
|
5240000
|
heap
|
page read and write
|
||
|
5BE0000
|
trusted library section
|
page read and write
|
||
|
4352000
|
trusted library allocation
|
page read and write
|
||
|
4E8000
|
heap
|
page read and write
|
||
|
5D20000
|
trusted library section
|
page read and write
|
||
|
65DE000
|
stack
|
page read and write
|
||
|
55B0000
|
stack
|
page read and write
|
||
|
8EE000
|
stack
|
page read and write
|
||
|
31D8000
|
trusted library allocation
|
page read and write
|
||
|
42A1000
|
trusted library allocation
|
page read and write
|
||
|
3080000
|
trusted library allocation
|
page read and write
|
||
|
9EF000
|
stack
|
page read and write
|
||
|
3407000
|
trusted library allocation
|
page read and write
|
||
|
3FA1000
|
trusted library allocation
|
page read and write
|
||
|
4FE000
|
heap
|
page read and write
|
||
|
FB8000
|
heap
|
page read and write
|
||
|
33B5000
|
trusted library allocation
|
page read and write
|
||
|
5F18000
|
trusted library section
|
page read and write
|
||
|
559C000
|
stack
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
3412000
|
trusted library allocation
|
page read and write
|
||
|
333F000
|
trusted library allocation
|
page read and write
|
||
|
501000
|
heap
|
page read and write
|
||
|
120A000
|
trusted library allocation
|
page execute and read and write
|
||
|
EFE000
|
heap
|
page read and write
|
||
|
5280000
|
heap
|
page execute and read and write
|
||
|
125E000
|
stack
|
page read and write
|
||
|
620D000
|
stack
|
page read and write
|
||
|
339D000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
5DE0000
|
trusted library section
|
page read and write
|
There are 249 hidden memdumps, click here to show them.