Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\Public\Downloads\PCICL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Downloads\TCCTL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Downloads\bild.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Downloads\pcicapi.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Downloads\remcmdstub.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\Public\Downloads\HTCTL32.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\Public\Downloads\NSM.LIC
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Downloads\PCICHEK.DLL
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\Public\Downloads\client32.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\Public\Downloads\msvcr100.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\Public\Downloads\nskbfltr.inf
|
Windows setup INFormation
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\loca[1].htm
|
ASCII text, with no line terminators
|
modified
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Users\Public\Downloads\bild.exe
|
"C:\Users\Public\Downloads\bild.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.215.113.64/fakeurl.htm
|
185.215.113.64
|
|
|
|
http://www.pci.co.uk/support
|
unknown
|
||
|
http://%s/testpage.htmwininet.dll
|
unknown
|
||
|
http://geo.netsupportsoftware.com/es
|
unknown
|
||
|
http://geo.netsupportsoftware.com/location/loca.asp
|
104.26.1.231
|
||
|
http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
|
unknown
|
||
|
http://geo.netsupportsoftware.com/location/loca.asp(E
|
unknown
|
||
|
http://www.pci.co.uk/supportsupport
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
http://geo.netsupportsoftware.com/location/loca.aspX
|
unknown
|
||
|
http://127.0.0.1RESUMEPRINTING
|
unknown
|
||
|
http://%s/testpage.htm
|
unknown
|
||
|
http://www.netsupportschool.com/tutor-assistant.asp11(
|
unknown
|
||
|
http://127.0.0.1
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://www.netsupportschool.com/tutor-assistant.asp
|
unknown
|
||
|
http://%s/fakeurl.htm
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
geo.netsupportsoftware.com
|
104.26.1.231
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.215.113.64
|
unknown
|
Portugal
|
|
|
|
104.26.1.231
|
geo.netsupportsoftware.com
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5661000
|
heap
|
page read and write
|
||
|
819000
|
heap
|
page read and write
|
||
|
1125C000
|
unkown
|
page readonly
|
||
|
2854000
|
heap
|
page read and write
|
||
|
F22000
|
unkown
|
page readonly
|
||
|
26A8000
|
heap
|
page read and write
|
||
|
A4A000
|
unkown
|
page read and write
|
||
|
949000
|
heap
|
page read and write
|
||
|
946000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
7D9000
|
heap
|
page read and write
|
||
|
82B000
|
heap
|
page read and write
|
||
|
6C940000
|
unkown
|
page readonly
|
||
|
EDE000
|
stack
|
page read and write
|
||
|
112DE000
|
unkown
|
page readonly
|
||
|
2800000
|
heap
|
page read and write
|
||
|
261E000
|
stack
|
page read and write
|
||
|
729000
|
stack
|
page read and write
|
||
|
6CA14000
|
unkown
|
page readonly
|
||
|
5C1F000
|
stack
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
829000
|
heap
|
page read and write
|
||
|
27AF000
|
stack
|
page read and write
|
||
|
791E000
|
stack
|
page read and write
|
||
|
731000
|
stack
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
4D48000
|
heap
|
page read and write
|
||
|
821000
|
heap
|
page read and write
|
||
|
95A000
|
heap
|
page read and write
|
||
|
6C7A0000
|
unkown
|
page readonly
|
||
|
B9D000
|
stack
|
page read and write
|
||
|
5690000
|
heap
|
page read and write
|
||
|
45A000
|
stack
|
page read and write
|
||
|
611F000
|
stack
|
page read and write
|
||
|
8E8000
|
heap
|
page read and write
|
||
|
8A7000
|
heap
|
page read and write
|
||
|
675F000
|
stack
|
page read and write
|
||
|
695000
|
heap
|
page read and write
|
||
|
946000
|
heap
|
page read and write
|
||
|
2B70000
|
heap
|
page read and write
|
||
|
64DF000
|
stack
|
page read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
69DF000
|
stack
|
page read and write
|
||
|
6D9F000
|
stack
|
page read and write
|
||
|
6FA000
|
stack
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
4FDA000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
5654000
|
heap
|
page read and write
|
||
|
530D000
|
stack
|
page read and write
|
||
|
6CA01000
|
unkown
|
page execute read
|
||
|
2850000
|
heap
|
page read and write
|
||
|
7B5F000
|
stack
|
page read and write
|
||
|
4407000
|
heap
|
page read and write
|
||
|
111E1000
|
unkown
|
page read and write
|
||
|
4C17000
|
heap
|
page read and write
|
||
|
6C799000
|
unkown
|
page write copy
|
||
|
2864000
|
heap
|
page read and write
|
||
|
C9F000
|
stack
|
page read and write
|
||
|
723000
|
stack
|
page read and write
|
||
|
9F1000
|
unkown
|
page execute read
|
||
|
959000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
11000000
|
unkown
|
page readonly
|
||
|
2872000
|
heap
|
page read and write
|
||
|
6F1E000
|
stack
|
page read and write
|
||
|
55F3000
|
heap
|
page read and write
|
||
|
111F6000
|
unkown
|
page readonly
|
||
|
73A000
|
heap
|
page read and write
|
||
|
5022000
|
heap
|
page read and write
|
||
|
95D000
|
heap
|
page read and write
|
||
|
755E000
|
stack
|
page read and write
|
||
|
80F000
|
heap
|
page read and write
|
||
|
661F000
|
stack
|
page read and write
|
||
|
6C9F9000
|
unkown
|
page readonly
|
||
|
665E000
|
stack
|
page read and write
|
||
|
4FCD000
|
heap
|
page read and write
|
||
|
7F3000
|
heap
|
page read and write
|
||
|
520D000
|
stack
|
page read and write
|
||
|
926000
|
heap
|
page read and write
|
||
|
2D9F000
|
stack
|
page read and write
|
||
|
77B000
|
heap
|
page read and write
|
||
|
946000
|
heap
|
page read and write
|
||
|
949000
|
heap
|
page read and write
|
||
|
11193000
|
unkown
|
page readonly
|
||
|
829000
|
heap
|
page read and write
|
||
|
5D9E000
|
stack
|
page read and write
|
||
|
8F6000
|
heap
|
page read and write
|
||
|
6B5E000
|
stack
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
55B000
|
stack
|
page read and write
|
||
|
95D000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
6CA21000
|
unkown
|
page execute read
|
||
|
440C000
|
heap
|
page read and write
|
||
|
3411000
|
heap
|
page read and write
|
||
|
92C000
|
heap
|
page read and write
|
||
|
636000
|
stack
|
page read and write
|
||
|
2F54000
|
heap
|
page read and write
|
||
|
5560000
|
heap
|
page read and write
|
||
|
769E000
|
stack
|
page read and write
|
||
|
741E000
|
stack
|
page read and write
|
||
|
7DDF000
|
stack
|
page read and write
|
||
|
651E000
|
stack
|
page read and write
|
||
|
689F000
|
stack
|
page read and write
|
||
|
4F69000
|
heap
|
page read and write
|
||
|
28EE000
|
stack
|
page read and write
|
||
|
729F000
|
stack
|
page read and write
|
||
|
6C9F4000
|
unkown
|
page read and write
|
||
|
6C751000
|
unkown
|
page execute read
|
||
|
4EAF000
|
stack
|
page read and write
|
||
|
284E000
|
stack
|
page read and write
|
||
|
5653000
|
heap
|
page read and write
|
||
|
9F0000
|
unkown
|
page readonly
|
||
|
7D8000
|
heap
|
page read and write
|
||
|
9F1000
|
unkown
|
page execute read
|
||
|
615E000
|
stack
|
page read and write
|
||
|
2883000
|
heap
|
page read and write
|
||
|
68DE000
|
stack
|
page read and write
|
||
|
364D000
|
stack
|
page read and write
|
||
|
2C70000
|
trusted library allocation
|
page read and write
|
||
|
589E000
|
stack
|
page read and write
|
||
|
6CA20000
|
unkown
|
page readonly
|
||
|
F20000
|
unkown
|
page readonly
|
||
|
6CA24000
|
unkown
|
page readonly
|
||
|
2B20000
|
heap
|
page read and write
|
||
|
506E000
|
heap
|
page read and write
|
||
|
5E9F000
|
stack
|
page read and write
|
||
|
2931000
|
trusted library allocation
|
page read and write
|
||
|
4FD3000
|
heap
|
page read and write
|
||
|
5310000
|
heap
|
page read and write
|
||
|
7EA000
|
heap
|
page read and write
|
||
|
701F000
|
stack
|
page read and write
|
||
|
8B9000
|
heap
|
page read and write
|
||
|
7AD000
|
heap
|
page read and write
|
||
|
4FF7000
|
heap
|
page read and write
|
||
|
1132A000
|
unkown
|
page readonly
|
||
|
8F3000
|
heap
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
6C790000
|
unkown
|
page readonly
|
||
|
880000
|
heap
|
page read and write
|
||
|
7A6000
|
heap
|
page read and write
|
||
|
4FA0000
|
heap
|
page read and write
|
||
|
515D000
|
heap
|
page read and write
|
||
|
CDE000
|
stack
|
page read and write
|
||
|
779F000
|
stack
|
page read and write
|
||
|
8E8000
|
heap
|
page read and write
|
||
|
4FDC000
|
heap
|
page read and write
|
||
|
7C9F000
|
stack
|
page read and write
|
||
|
33CE000
|
stack
|
page read and write
|
||
|
305A000
|
stack
|
page read and write
|
||
|
4BAF000
|
stack
|
page read and write
|
||
|
56F2000
|
heap
|
page read and write
|
||
|
6CA06000
|
unkown
|
page read and write
|
||
|
4F3D000
|
heap
|
page read and write
|
||
|
6C941000
|
unkown
|
page execute read
|
||
|
790000
|
heap
|
page read and write
|
||
|
56C2000
|
heap
|
page read and write
|
||
|
946000
|
heap
|
page read and write
|
||
|
73DF000
|
stack
|
page read and write
|
||
|
8BD000
|
heap
|
page read and write
|
||
|
6C79E000
|
unkown
|
page read and write
|
||
|
4400000
|
heap
|
page read and write
|
||
|
7EA000
|
heap
|
page read and write
|
||
|
4D7E000
|
stack
|
page read and write
|
||
|
5691000
|
heap
|
page read and write
|
||
|
328F000
|
stack
|
page read and write
|
||
|
7A1F000
|
stack
|
page read and write
|
||
|
F20000
|
unkown
|
page readonly
|
||
|
629E000
|
stack
|
page read and write
|
||
|
2984000
|
heap
|
page read and write
|
||
|
6C750000
|
unkown
|
page readonly
|
||
|
791000
|
heap
|
page read and write
|
||
|
706000
|
stack
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
7A5E000
|
stack
|
page read and write
|
||
|
639F000
|
stack
|
page read and write
|
||
|
6B1F000
|
stack
|
page read and write
|
||
|
5FDF000
|
stack
|
page read and write
|
||
|
6C5F000
|
stack
|
page read and write
|
||
|
7CB000
|
heap
|
page read and write
|
||
|
D0B000
|
heap
|
page read and write
|
||
|
4D5E000
|
heap
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
8D6000
|
heap
|
page read and write
|
||
|
95A000
|
heap
|
page read and write
|
||
|
8A7000
|
heap
|
page read and write
|
||
|
ADD000
|
stack
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
2E0D000
|
stack
|
page read and write
|
||
|
821000
|
heap
|
page read and write
|
||
|
8F6000
|
heap
|
page read and write
|
||
|
BBE000
|
stack
|
page read and write
|
||
|
5561000
|
heap
|
page read and write
|
||
|
BD6000
|
heap
|
page read and write
|
||
|
5591000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
4FC6000
|
heap
|
page read and write
|
||
|
A20000
|
unkown
|
page readonly
|
||
|
B5F000
|
stack
|
page read and write
|
||
|
815000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
4EBC000
|
stack
|
page read and write
|
||
|
946000
|
heap
|
page read and write
|
||
|
78DF000
|
stack
|
page read and write
|
||
|
26A5000
|
heap
|
page read and write
|
||
|
111F0000
|
unkown
|
page read and write
|
||
|
5D5F000
|
stack
|
page read and write
|
||
|
318E000
|
stack
|
page read and write
|
||
|
A4C000
|
unkown
|
page readonly
|
||
|
63DE000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
112AC000
|
unkown
|
page readonly
|
||
|
508F000
|
stack
|
page read and write
|
||
|
8B9000
|
heap
|
page read and write
|
||
|
73A000
|
stack
|
page read and write
|
||
|
7F1F000
|
stack
|
page read and write
|
||
|
341C000
|
heap
|
page read and write
|
||
|
6C79A000
|
unkown
|
page read and write
|
||
|
4F8E000
|
stack
|
page read and write
|
||
|
926000
|
heap
|
page read and write
|
||
|
6CA23000
|
unkown
|
page read and write
|
||
|
294A000
|
trusted library allocation
|
page read and write
|
||
|
304E000
|
stack
|
page read and write
|
||
|
4410000
|
trusted library allocation
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
8B9000
|
heap
|
page read and write
|
||
|
A2A000
|
unkown
|
page write copy
|
||
|
90C000
|
heap
|
page read and write
|
||
|
59DE000
|
stack
|
page read and write
|
||
|
727000
|
stack
|
page read and write
|
||
|
B1C000
|
stack
|
page read and write
|
||
|
805F000
|
stack
|
page read and write
|
||
|
55C1000
|
heap
|
page read and write
|
||
|
56F2000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
705E000
|
stack
|
page read and write
|
||
|
56F2000
|
heap
|
page read and write
|
||
|
77DE000
|
stack
|
page read and write
|
||
|
6CA00000
|
unkown
|
page readonly
|
||
|
751F000
|
stack
|
page read and write
|
||
|
4EC0000
|
unclassified section
|
page read and write
|
||
|
95F000
|
heap
|
page read and write
|
||
|
27FE000
|
stack
|
page read and write
|
||
|
6C9F6000
|
unkown
|
page write copy
|
||
|
4D4E000
|
heap
|
page read and write
|
||
|
715F000
|
stack
|
page read and write
|
||
|
3180000
|
heap
|
page read and write
|
||
|
7CDE000
|
stack
|
page read and write
|
||
|
90C000
|
heap
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
959000
|
heap
|
page read and write
|
||
|
25DE000
|
stack
|
page read and write
|
||
|
765F000
|
stack
|
page read and write
|
||
|
56F2000
|
heap
|
page read and write
|
||
|
112B3000
|
unkown
|
page readonly
|
||
|
7E1E000
|
stack
|
page read and write
|
||
|
8B9000
|
heap
|
page read and write
|
||
|
6CA05000
|
unkown
|
page readonly
|
||
|
3050000
|
heap
|
page read and write
|
||
|
7D9000
|
heap
|
page read and write
|
||
|
91B000
|
heap
|
page read and write
|
||
|
926000
|
heap
|
page read and write
|
||
|
1129D000
|
unkown
|
page readonly
|
||
|
8F3000
|
heap
|
page read and write
|
||
|
F22000
|
unkown
|
page readonly
|
||
|
6EDF000
|
stack
|
page read and write
|
||
|
354E000
|
stack
|
page read and write
|
||
|
5C5E000
|
stack
|
page read and write
|
||
|
6DDE000
|
stack
|
page read and write
|
||
|
7A5000
|
heap
|
page read and write
|
||
|
F21000
|
unkown
|
page execute read
|
||
|
11001000
|
unkown
|
page execute read
|
||
|
72DE000
|
stack
|
page read and write
|
||
|
F21000
|
unkown
|
page execute read
|
||
|
81E000
|
heap
|
page read and write
|
||
|
265B000
|
stack
|
page read and write
|
||
|
7CC000
|
heap
|
page read and write
|
||
|
4FBC000
|
stack
|
page read and write
|
||
|
55C1000
|
heap
|
page read and write
|
||
|
A77000
|
heap
|
page read and write
|
||
|
5ADF000
|
stack
|
page read and write
|
||
|
2874000
|
heap
|
page read and write
|
||
|
716000
|
stack
|
page read and write
|
||
|
D07000
|
heap
|
page read and write
|
||
|
2860000
|
heap
|
page read and write
|
||
|
5660000
|
heap
|
page read and write
|
||
|
625F000
|
stack
|
page read and write
|
||
|
5624000
|
heap
|
page read and write
|
||
|
4D4F000
|
heap
|
page read and write
|
||
|
710000
|
stack
|
page read and write
|
||
|
5654000
|
heap
|
page read and write
|
||
|
787000
|
heap
|
page read and write
|
||
|
5590000
|
heap
|
page read and write
|
||
|
679E000
|
stack
|
page read and write
|
||
|
26A0000
|
heap
|
page read and write
|
||
|
5B1E000
|
stack
|
page read and write
|
||
|
7D2000
|
heap
|
page read and write
|
||
|
5EDE000
|
stack
|
page read and write
|
||
|
4AAF000
|
stack
|
page read and write
|
||
|
80E000
|
heap
|
page read and write
|
||
|
50DB000
|
heap
|
page read and write
|
||
|
601E000
|
stack
|
page read and write
|
||
|
7CC000
|
heap
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
||
|
2F4D000
|
stack
|
page read and write
|
||
|
6C9E000
|
stack
|
page read and write
|
||
|
6A1E000
|
stack
|
page read and write
|
||
|
8AD000
|
heap
|
page read and write
|
||
|
7F3000
|
heap
|
page read and write
|
||
|
7F5E000
|
stack
|
page read and write
|
||
|
56C1000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
9BE000
|
stack
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
11287000
|
unkown
|
page readonly
|
||
|
95C000
|
heap
|
page read and write
|
||
|
888000
|
heap
|
page read and write
|
||
|
287D000
|
heap
|
page read and write
|
||
|
2E9B000
|
stack
|
page read and write
|
||
|
4CB0000
|
heap
|
page read and write
|
||
|
3418000
|
heap
|
page read and write
|
||
|
A4C000
|
unkown
|
page readonly
|
||
|
599F000
|
stack
|
page read and write
|
||
|
A2A000
|
unkown
|
page read and write
|
||
|
4C10000
|
heap
|
page read and write
|
||
|
8A4000
|
heap
|
page read and write
|
||
|
8AE000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
6CA22000
|
unkown
|
page readonly
|
||
|
2F0E000
|
stack
|
page read and write
|
||
|
7BC000
|
heap
|
page read and write
|
||
|
5623000
|
heap
|
page read and write
|
||
|
95F000
|
heap
|
page read and write
|
||
|
95A000
|
heap
|
page read and write
|
||
|
A20000
|
unkown
|
page readonly
|
||
|
55F2000
|
heap
|
page read and write
|
||
|
55C1000
|
heap
|
page read and write
|
||
|
8E8000
|
heap
|
page read and write
|
||
|
9F0000
|
unkown
|
page readonly
|
||
|
7B9E000
|
stack
|
page read and write
|
||
|
4E7F000
|
stack
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
719E000
|
stack
|
page read and write
|
||
|
5654000
|
heap
|
page read and write
|
||
|
775000
|
heap
|
page read and write
|
||
|
55C2000
|
heap
|
page read and write
|
||
|
80E000
|
heap
|
page read and write
|
There are 340 hidden memdumps, click here to show them.