Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
nsHwyCkyFr.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Oracle\Java\.oracle_jre_usage\b5820291038aa69c.timestamp
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\hsperfdata_user\7656
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\nsHwyCkyFr.exe
|
"C:\Users\user\Desktop\nsHwyCkyFr.exe"
|
||
|
C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe
|
"C:\Program Files (x86)\Java\jre-1.8\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath " org.develnext.jphp.ext.javafx.FXLauncher
|
||
|
C:\Windows\SysWOW64\icacls.exe
|
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
|
unknown
|
||
|
http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
|
unknown
|
||
|
http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
|
unknown
|
||
|
http://bugreport.sun.com/bugreport/
|
unknown
|
||
|
https://www.ssl.com/repository0
|
unknown
|
||
|
http://ocsps.ssl.com0?
|
unknown
|
||
|
http://ocsps.ssl.com0_
|
unknown
|
||
|
http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
|
unknown
|
||
|
http://java.oracle.com/
|
unknown
|
||
|
http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
|
unknown
|
||
|
http://ocsps.ssl.com0
|
unknown
|
||
|
http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
|
unknown
|
||
|
http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
|
unknown
|
||
|
http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
|
unknown
|
||
|
http://www.oracle.com/technetwork/java/javase/documentation/index.html
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4A8A000
|
trusted library allocation
|
page read and write
|
||
|
49B8000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page readonly
|
||
|
2760000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
412000
|
unkown
|
page read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
153F0000
|
heap
|
page read and write
|
||
|
414000
|
unkown
|
page write copy
|
||
|
2780000
|
unkown
|
page read and write
|
||
|
14E6F000
|
heap
|
page read and write
|
||
|
A0F000
|
stack
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
27CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4968000
|
heap
|
page read and write
|
||
|
152CD000
|
unkown
|
page read and write
|
||
|
2790000
|
trusted library allocation
|
page execute and read and write
|
||
|
616000
|
stack
|
page read and write
|
||
|
49A6000
|
heap
|
page read and write
|
||
|
4ACE000
|
trusted library allocation
|
page read and write
|
||
|
4A54000
|
trusted library allocation
|
page read and write
|
||
|
26AE000
|
stack
|
page read and write
|
||
|
D0000
|
heap
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
2834000
|
trusted library allocation
|
page execute and read and write
|
||
|
65E000
|
stack
|
page read and write
|
||
|
C0F000
|
stack
|
page read and write
|
||
|
94C000
|
stack
|
page read and write
|
||
|
413000
|
unkown
|
page write copy
|
||
|
3178000
|
heap
|
page read and write
|
||
|
606000
|
stack
|
page read and write
|
||
|
1523E000
|
unkown
|
page read and write
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
2826000
|
trusted library allocation
|
page execute and read and write
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
1530D000
|
stack
|
page read and write
|
||
|
27CE000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A26000
|
trusted library allocation
|
page read and write
|
||
|
14F2D000
|
stack
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
27D2000
|
trusted library allocation
|
page execute and read and write
|
||
|
4A5A000
|
trusted library allocation
|
page read and write
|
||
|
4A1B000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
282D000
|
trusted library allocation
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4A2E000
|
trusted library allocation
|
page read and write
|
||
|
14FBD000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
318A000
|
heap
|
page read and write
|
||
|
27E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
CF3000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page readonly
|
||
|
1535E000
|
unkown
|
page read and write
|
||
|
151ED000
|
stack
|
page read and write
|
||
|
69E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1500E000
|
unkown
|
page read and write
|
||
|
71E000
|
heap
|
page read and write
|
||
|
2DD0000
|
heap
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
4A32000
|
trusted library allocation
|
page read and write
|
||
|
4A5E000
|
trusted library allocation
|
page read and write
|
||
|
49A3000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
4A56000
|
trusted library allocation
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
CEF000
|
heap
|
page read and write
|
||
|
303E000
|
stack
|
page read and write
|
||
|
265E000
|
stack
|
page read and write
|
||
|
2792000
|
trusted library allocation
|
page execute and read and write
|
||
|
4900000
|
heap
|
page read and write
|
||
|
2DE0000
|
heap
|
page read and write
|
||
|
C48000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
8FC000
|
stack
|
page read and write
|
||
|
14A00000
|
trusted library allocation
|
page read and write
|
||
|
2D6D000
|
stack
|
page read and write
|
||
|
14F7E000
|
unkown
|
page read and write
|
||
|
71A000
|
heap
|
page read and write
|
||
|
61E000
|
stack
|
page read and write
|
||
|
32EF000
|
stack
|
page read and write
|
||
|
3080000
|
heap
|
page read and write
|
||
|
307F000
|
stack
|
page read and write
|
||
|
4790000
|
trusted library allocation
|
page read and write
|
||
|
4A10000
|
trusted library allocation
|
page read and write
|
||
|
27DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D2D000
|
stack
|
page read and write
|
||
|
4A00000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1527D000
|
stack
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
4A20000
|
trusted library allocation
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
C71000
|
heap
|
page read and write
|
There are 89 hidden memdumps, click here to show them.