Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\Public\Netstat\PCICL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Netstat\TCCTL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Netstat\bild.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Netstat\pcicapi.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Netstat\remcmdstub.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Netstat\HTCTL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\Public\Netstat\NSM.LIC
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Netstat\PCICHEK.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\Public\Netstat\client32.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Netstat\msvcr100.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\Public\Netstat\nskbfltr.inf
|
Windows setup INFormation
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\loca[1].htm
|
ASCII text, with no line terminators
|
modified
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Users\Public\Netstat\bild.exe
|
"C:\Users\Public\Netstat\bild.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://172.86.117.97/fakeurl.htm
|
172.86.117.97
|
|
|
|
http://geo.netsupportsoftware.com/location/loca.asphM
|
unknown
|
||
|
http://www.pci.co.uk/support
|
unknown
|
||
|
http://%s/testpage.htmwininet.dll
|
unknown
|
||
|
http://geo.netsupportsoftware.com/location/loca.asp
|
104.26.1.231
|
||
|
http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
|
unknown
|
||
|
http://www.pci.co.uk/supportsupport
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
http://geo.netsupportsoftware.com/location/loca.aspXL-
|
unknown
|
||
|
http://geo.netsupportsoftware.com/location/loca.aspx
|
unknown
|
||
|
http://127.0.0.1RESUMEPRINTING
|
unknown
|
||
|
http://%s/testpage.htm
|
unknown
|
||
|
http://www.netsupportschool.com/tutor-assistant.asp11(
|
unknown
|
||
|
http://127.0.0.1
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://www.netsupportschool.com/tutor-assistant.asp
|
unknown
|
||
|
http://%s/fakeurl.htm
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
geo.netsupportsoftware.com
|
104.26.1.231
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.86.117.97
|
unknown
|
United States
|
|
|
|
104.26.1.231
|
geo.netsupportsoftware.com
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E676AFC000
|
stack
|
page read and write
|
||
|
C40000
|
unkown
|
page readonly
|
||
|
28755FE5000
|
heap
|
page read and write
|
||
|
287540A5000
|
heap
|
page read and write
|
||
|
28751E9E000
|
heap
|
page read and write
|
||
|
28755F3D000
|
heap
|
page read and write
|
||
|
955000
|
heap
|
page read and write
|
||
|
73AF4000
|
unkown
|
page readonly
|
||
|
28751E3F000
|
heap
|
page read and write
|
||
|
5040000
|
unclassified section
|
page read and write
|
||
|
55DF000
|
stack
|
page read and write
|
||
|
28751E27000
|
heap
|
page read and write
|
||
|
28751E87000
|
heap
|
page read and write
|
||
|
6CED9000
|
unkown
|
page write copy
|
||
|
287540A5000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
E6765FE000
|
stack
|
page read and write
|
||
|
8FC000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
5766000
|
heap
|
page read and write
|
||
|
35C8000
|
heap
|
page read and write
|
||
|
5730000
|
heap
|
page read and write
|
||
|
28751E44000
|
heap
|
page read and write
|
||
|
112B3000
|
unkown
|
page readonly
|
||
|
28753EA1000
|
heap
|
page read and write
|
||
|
28753FA2000
|
heap
|
page read and write
|
||
|
73AF0000
|
unkown
|
page readonly
|
||
|
959000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
28751DB0000
|
heap
|
page readonly
|
||
|
28753F23000
|
heap
|
page read and write
|
||
|
73AF3000
|
unkown
|
page read and write
|
||
|
2AC4000
|
heap
|
page read and write
|
||
|
917000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
28751EB3000
|
heap
|
page read and write
|
||
|
28751E87000
|
heap
|
page read and write
|
||
|
510E000
|
stack
|
page read and write
|
||
|
E8E000
|
stack
|
page read and write
|
||
|
5751000
|
heap
|
page read and write
|
||
|
28754065000
|
heap
|
page read and write
|
||
|
28753FA1000
|
heap
|
page read and write
|
||
|
287540A5000
|
heap
|
page read and write
|
||
|
C27000
|
heap
|
page read and write
|
||
|
28751E9E000
|
heap
|
page read and write
|
||
|
6CEE0000
|
unkown
|
page readonly
|
||
|
28755F4A000
|
heap
|
page read and write
|
||
|
D9D000
|
stack
|
page read and write
|
||
|
7FF7481F1000
|
unkown
|
page execute read
|
||
|
538D000
|
stack
|
page read and write
|
||
|
577F000
|
heap
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
98A000
|
heap
|
page read and write
|
||
|
E6761E0000
|
stack
|
page read and write
|
||
|
903000
|
heap
|
page read and write
|
||
|
28751EE3000
|
heap
|
page read and write
|
||
|
93C000
|
heap
|
page read and write
|
||
|
28751E40000
|
heap
|
page read and write
|
||
|
959000
|
heap
|
page read and write
|
||
|
28755F67000
|
heap
|
page read and write
|
||
|
97D000
|
heap
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
933000
|
heap
|
page read and write
|
||
|
C42000
|
unkown
|
page readonly
|
||
|
6E540000
|
unkown
|
page readonly
|
||
|
959000
|
heap
|
page read and write
|
||
|
8DC000
|
heap
|
page read and write
|
||
|
2AE3000
|
heap
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
7FF74824B000
|
unkown
|
page write copy
|
||
|
1132A000
|
unkown
|
page readonly
|
||
|
6D136000
|
unkown
|
page write copy
|
||
|
5767000
|
heap
|
page read and write
|
||
|
93F000
|
heap
|
page read and write
|
||
|
28751EAD000
|
heap
|
page read and write
|
||
|
28753EA2000
|
heap
|
page read and write
|
||
|
93C000
|
heap
|
page read and write
|
||
|
7FF74825A000
|
unkown
|
page readonly
|
||
|
28754064000
|
heap
|
page read and write
|
||
|
6D081000
|
unkown
|
page execute read
|
||
|
E90000
|
heap
|
page read and write
|
||
|
28751E0A000
|
heap
|
page read and write
|
||
|
571F000
|
stack
|
page read and write
|
||
|
984000
|
heap
|
page read and write
|
||
|
287560DA000
|
heap
|
page read and write
|
||
|
917000
|
heap
|
page read and write
|
||
|
5786000
|
heap
|
page read and write
|
||
|
89A000
|
heap
|
page read and write
|
||
|
287554C0000
|
trusted library allocation
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
28753A6A000
|
trusted library allocation
|
page read and write
|
||
|
89E000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
986000
|
heap
|
page read and write
|
||
|
7FF74825A000
|
unkown
|
page readonly
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
933000
|
heap
|
page read and write
|
||
|
955000
|
heap
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
1129D000
|
unkown
|
page readonly
|
||
|
561E000
|
stack
|
page read and write
|
||
|
C40000
|
unkown
|
page readonly
|
||
|
2800000
|
heap
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
28751EF0000
|
heap
|
page read and write
|
||
|
28753F23000
|
heap
|
page read and write
|
||
|
937000
|
heap
|
page read and write
|
||
|
935000
|
heap
|
page read and write
|
||
|
28751EE3000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
28751EAD000
|
heap
|
page read and write
|
||
|
28753F26000
|
heap
|
page read and write
|
||
|
28751E8D000
|
heap
|
page read and write
|
||
|
8EC000
|
heap
|
page read and write
|
||
|
5788000
|
heap
|
page read and write
|
||
|
28751E38000
|
heap
|
page read and write
|
||
|
28755F17000
|
heap
|
page read and write
|
||
|
11193000
|
unkown
|
page readonly
|
||
|
28751E85000
|
heap
|
page read and write
|
||
|
28751EBD000
|
heap
|
page read and write
|
||
|
28753F60000
|
heap
|
page read and write
|
||
|
6CE90000
|
unkown
|
page readonly
|
||
|
73AF2000
|
unkown
|
page readonly
|
||
|
28756052000
|
heap
|
page read and write
|
||
|
28751E65000
|
heap
|
page read and write
|
||
|
111F0000
|
unkown
|
page read and write
|
||
|
7FF74824B000
|
unkown
|
page read and write
|
||
|
6E545000
|
unkown
|
page readonly
|
||
|
28753E65000
|
heap
|
page read and write
|
||
|
E6767FD000
|
stack
|
page read and write
|
||
|
287540A7000
|
heap
|
page read and write
|
||
|
28753F24000
|
heap
|
page read and write
|
||
|
28753E61000
|
heap
|
page read and write
|
||
|
2818000
|
heap
|
page read and write
|
||
|
E6769FE000
|
stack
|
page read and write
|
||
|
28753AB0000
|
heap
|
page read and write
|
||
|
2AB4000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
6E546000
|
unkown
|
page read and write
|
||
|
520E000
|
stack
|
page read and write
|
||
|
28751E4E000
|
heap
|
page read and write
|
||
|
C41000
|
unkown
|
page execute read
|
||
|
28753C60000
|
heap
|
page read and write
|
||
|
2AD4000
|
heap
|
page read and write
|
||
|
28751E4E000
|
heap
|
page read and write
|
||
|
28751EE3000
|
heap
|
page read and write
|
||
|
275E000
|
stack
|
page read and write
|
||
|
28751E6A000
|
heap
|
page read and write
|
||
|
6D080000
|
unkown
|
page readonly
|
||
|
5CB000
|
stack
|
page read and write
|
||
|
7FF7481F0000
|
unkown
|
page readonly
|
||
|
6E541000
|
unkown
|
page execute read
|
||
|
11287000
|
unkown
|
page readonly
|
||
|
EBB000
|
heap
|
page read and write
|
||
|
28755CC5000
|
heap
|
page read and write
|
||
|
28751DC0000
|
heap
|
page read and write
|
||
|
28751EA3000
|
heap
|
page read and write
|
||
|
28751E3B000
|
heap
|
page read and write
|
||
|
28753D60000
|
trusted library allocation
|
page read and write
|
||
|
28753E60000
|
heap
|
page read and write
|
||
|
6D139000
|
unkown
|
page readonly
|
||
|
28751EAD000
|
heap
|
page read and write
|
||
|
28751EAD000
|
heap
|
page read and write
|
||
|
11000000
|
unkown
|
page readonly
|
||
|
5766000
|
heap
|
page read and write
|
||
|
287520B5000
|
heap
|
page read and write
|
||
|
8F7000
|
heap
|
page read and write
|
||
|
5772000
|
heap
|
page read and write
|
||
|
28755F6D000
|
heap
|
page read and write
|
||
|
28753EE2000
|
heap
|
page read and write
|
||
|
28751E46000
|
heap
|
page read and write
|
||
|
2AC0000
|
heap
|
page read and write
|
||
|
28755CCC000
|
heap
|
page read and write
|
||
|
28751E3B000
|
heap
|
page read and write
|
||
|
111E1000
|
unkown
|
page read and write
|
||
|
279E000
|
stack
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
6D134000
|
unkown
|
page read and write
|
||
|
28753FE3000
|
heap
|
page read and write
|
||
|
2815000
|
heap
|
page read and write
|
||
|
7FF74825E000
|
unkown
|
page write copy
|
||
|
287520BE000
|
heap
|
page read and write
|
||
|
28753FE2000
|
heap
|
page read and write
|
||
|
984000
|
heap
|
page read and write
|
||
|
28751E6A000
|
heap
|
page read and write
|
||
|
28751E46000
|
heap
|
page read and write
|
||
|
111F6000
|
unkown
|
page readonly
|
||
|
28751E44000
|
heap
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
1125C000
|
unkown
|
page readonly
|
||
|
28751E4E000
|
heap
|
page read and write
|
||
|
4CA000
|
stack
|
page read and write
|
||
|
5752000
|
heap
|
page read and write
|
||
|
28751E64000
|
heap
|
page read and write
|
||
|
7FF74825F000
|
unkown
|
page readonly
|
||
|
C42000
|
unkown
|
page readonly
|
||
|
28751E27000
|
heap
|
page read and write
|
||
|
28753AE4000
|
heap
|
page read and write
|
||
|
287520B0000
|
heap
|
page read and write
|
||
|
11001000
|
unkown
|
page execute read
|
||
|
7FF748238000
|
unkown
|
page readonly
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
6CE91000
|
unkown
|
page execute read
|
||
|
2A1E000
|
stack
|
page read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
28751E6A000
|
heap
|
page read and write
|
||
|
981000
|
heap
|
page read and write
|
||
|
28751E3B000
|
heap
|
page read and write
|
||
|
28751EE3000
|
heap
|
page read and write
|
||
|
28751E2F000
|
heap
|
page read and write
|
||
|
35B0000
|
heap
|
page read and write
|
||
|
28753AE0000
|
heap
|
page read and write
|
||
|
28753F23000
|
heap
|
page read and write
|
||
|
28754023000
|
heap
|
page read and write
|
||
|
5753000
|
heap
|
page read and write
|
||
|
28751E44000
|
heap
|
page read and write
|
||
|
28751E6A000
|
heap
|
page read and write
|
||
|
503F000
|
stack
|
page read and write
|
||
|
3124000
|
heap
|
page read and write
|
||
|
28751E8D000
|
heap
|
page read and write
|
||
|
28753D60000
|
heap
|
page read and write
|
||
|
112DE000
|
unkown
|
page readonly
|
||
|
30FB000
|
stack
|
page read and write
|
||
|
73AF1000
|
unkown
|
page execute read
|
||
|
976000
|
heap
|
page read and write
|
||
|
28751E2E000
|
heap
|
page read and write
|
||
|
287554CD000
|
heap
|
page read and write
|
||
|
28751CD0000
|
heap
|
page read and write
|
||
|
28751DF0000
|
heap
|
page read and write
|
||
|
7FF7481F1000
|
unkown
|
page execute read
|
||
|
5792000
|
heap
|
page read and write
|
||
|
6CED0000
|
unkown
|
page readonly
|
||
|
287540A5000
|
heap
|
page read and write
|
||
|
291E000
|
stack
|
page read and write
|
||
|
28755F99000
|
heap
|
page read and write
|
||
|
28754024000
|
heap
|
page read and write
|
||
|
28753F25000
|
heap
|
page read and write
|
||
|
28751E6B000
|
heap
|
page read and write
|
||
|
972000
|
heap
|
page read and write
|
||
|
6CEDA000
|
unkown
|
page read and write
|
||
|
28751E8D000
|
heap
|
page read and write
|
||
|
28753F61000
|
heap
|
page read and write
|
||
|
E0B000
|
stack
|
page read and write
|
||
|
28753A51000
|
trusted library allocation
|
page read and write
|
||
|
28751E9E000
|
heap
|
page read and write
|
||
|
2AD2000
|
heap
|
page read and write
|
||
|
6CEDE000
|
unkown
|
page read and write
|
||
|
7FF7481F0000
|
unkown
|
page readonly
|
||
|
E6768FE000
|
stack
|
page read and write
|
||
|
7FF748254000
|
unkown
|
page read and write
|
||
|
28755CCA000
|
heap
|
page read and write
|
||
|
EB7000
|
heap
|
page read and write
|
||
|
28751EE3000
|
heap
|
page read and write
|
||
|
2810000
|
heap
|
page read and write
|
||
|
7FF748238000
|
unkown
|
page readonly
|
||
|
98C000
|
heap
|
page read and write
|
||
|
972000
|
heap
|
page read and write
|
||
|
28751E3B000
|
heap
|
page read and write
|
||
|
28753FA1000
|
heap
|
page read and write
|
||
|
951000
|
heap
|
page read and write
|
||
|
4F3E000
|
stack
|
page read and write
|
||
|
28755EB4000
|
heap
|
page read and write
|
||
|
972000
|
heap
|
page read and write
|
||
|
112AC000
|
unkown
|
page readonly
|
||
|
28751EE3000
|
heap
|
page read and write
|
||
|
C41000
|
unkown
|
page execute read
|
||
|
6E554000
|
unkown
|
page readonly
|
||
|
548D000
|
stack
|
page read and write
|
||
|
7FF74825E000
|
unkown
|
page readonly
|
||
|
28751EAD000
|
heap
|
page read and write
|
||
|
955000
|
heap
|
page read and write
|
||
|
28753F23000
|
heap
|
page read and write
|
||
|
951000
|
heap
|
page read and write
|
||
|
28751E46000
|
heap
|
page read and write
|
||
|
E6764FE000
|
stack
|
page read and write
|
||
|
28753EE3000
|
heap
|
page read and write
|
||
|
287554C7000
|
heap
|
page read and write
|
||
|
28751E89000
|
heap
|
page read and write
|
||
|
54DE000
|
stack
|
page read and write
|
||
|
E6761E5000
|
stack
|
page read and write
|
||
|
28751E24000
|
heap
|
page read and write
|
||
|
28751E8D000
|
heap
|
page read and write
|
There are 275 hidden memdumps, click here to show them.