Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
YTrJ5NViJC.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Desktop.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600,
atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Desktop.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Desktop.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600,
atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\YTrJ5NViJC.exe
|
"C:\Users\user\Desktop\YTrJ5NViJC.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://gro.macssecca.atademorhc
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
chromedata.accesscam.org
|
128.90.129.125
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
128.90.129.125
|
chromedata.accesscam.org
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER
|
di
|
|
|
|
HKEY_CURRENT_USER\Environment
|
SEE_MASK_NOZONECHECKS
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C94000
|
trusted library allocation
|
page read and write
|
|
|
|
29FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
519E000
|
stack
|
page read and write
|
||
|
2A10000
|
trusted library allocation
|
page read and write
|
||
|
2A50000
|
heap
|
page execute and read and write
|
||
|
59DE000
|
trusted library allocation
|
page read and write
|
||
|
13D6000
|
heap
|
page read and write
|
||
|
2A27000
|
trusted library allocation
|
page execute and read and write
|
||
|
51A0000
|
trusted library allocation
|
page read and write
|
||
|
5A5C000
|
stack
|
page read and write
|
||
|
59EE000
|
trusted library allocation
|
page read and write
|
||
|
FDE000
|
stack
|
page read and write
|
||
|
59E2000
|
trusted library allocation
|
page read and write
|
||
|
972000
|
unkown
|
page readonly
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
5B30000
|
heap
|
page execute and read and write
|
||
|
5A02000
|
trusted library allocation
|
page read and write
|
||
|
2A03000
|
trusted library allocation
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
97A000
|
unkown
|
page readonly
|
||
|
DBE000
|
heap
|
page read and write
|
||
|
2A40000
|
trusted library allocation
|
page read and write
|
||
|
DF2000
|
heap
|
page read and write
|
||
|
13C6000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
5AA0000
|
trusted library allocation
|
page read and write
|
||
|
2A22000
|
trusted library allocation
|
page read and write
|
||
|
5A10000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
5AD0000
|
trusted library allocation
|
page read and write
|
||
|
970000
|
unkown
|
page readonly
|
||
|
2C01000
|
trusted library allocation
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
4C08000
|
trusted library allocation
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page read and write
|
||
|
5DE1000
|
heap
|
page read and write
|
||
|
5B20000
|
trusted library allocation
|
page execute and read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
2BDC000
|
stack
|
page read and write
|
||
|
13C0000
|
trusted library allocation
|
page read and write
|
||
|
5100000
|
trusted library allocation
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
2A16000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
EC5000
|
heap
|
page read and write
|
||
|
5DD0000
|
heap
|
page read and write
|
||
|
DF4000
|
heap
|
page read and write
|
||
|
59DB000
|
trusted library allocation
|
page read and write
|
||
|
D37000
|
stack
|
page read and write
|
||
|
5AB0000
|
trusted library allocation
|
page read and write
|
||
|
5B10000
|
heap
|
page read and write
|
||
|
4D9E000
|
stack
|
page read and write
|
||
|
59D6000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
E35000
|
heap
|
page read and write
|
||
|
5B50000
|
heap
|
page read and write
|
||
|
EA7000
|
heap
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
59F6000
|
trusted library allocation
|
page read and write
|
||
|
2BE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
59D0000
|
trusted library allocation
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
11EF000
|
stack
|
page read and write
|
||
|
C3A000
|
stack
|
page read and write
|
||
|
50E0000
|
heap
|
page read and write
|
||
|
551E000
|
stack
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
52D3000
|
heap
|
page read and write
|
||
|
2A1A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5AC0000
|
trusted library allocation
|
page read and write
|
||
|
5AE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A00000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
59F1000
|
trusted library allocation
|
page read and write
|
||
|
59FD000
|
trusted library allocation
|
page read and write
|
||
|
5DE8000
|
heap
|
page read and write
|
||
|
51A9000
|
trusted library allocation
|
page read and write
|
||
|
DBA000
|
heap
|
page read and write
|
||
|
29F4000
|
trusted library allocation
|
page read and write
|
||
|
5AB7000
|
trusted library allocation
|
page read and write
|
||
|
E5A000
|
heap
|
page read and write
|
||
|
5A99000
|
stack
|
page read and write
|
||
|
29F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F530000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C01000
|
trusted library allocation
|
page read and write
|
||
|
DE5000
|
heap
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
2A0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A20000
|
trusted library allocation
|
page read and write
|
||
|
59D4000
|
trusted library allocation
|
page read and write
|
||
|
5110000
|
trusted library allocation
|
page read and write
|
There are 82 hidden memdumps, click here to show them.