Files

File Path | Type | Category | Malicious
---|---|---|---
211.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
C:\Users\user\Desktop\QQWER.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
C:\Users\user\AppData\Local\Temp\54e41d.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
C:\Users\user\AppData\Local\Temp\54e47b.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
C:\Users\user\AppData\Local\Temp\552434.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
C:\Users\user\AppData\Local\Temp\5524a1.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
C:\Users\user\Desktop\ 1.bmp | PC bitmap, Windows 3.x format, 43 x 25 x 24, image size 3300, cbSize 3354, bits offset 54 | dropped | |
C:\Users\user\Desktop\ 2.bmp | PC bitmap, Windows 3.x format, 122 x 40 x 24, image size 14720, cbSize 14774, bits offset 54 | dropped | |
C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 124 x 21 x 24, image size 7812, cbSize 7866, bits offset 54 | dropped | |
C:\Users\user\Desktop\ 4.bmp | PC bitmap, Windows 3.x format, 132 x 32 x 24, image size 12672, cbSize 12726, bits offset 54 | dropped | |
C:\Users\user\Desktop\ 404.bmp | PC bitmap, Windows 3.x format, 312 x 196 x 24, image size 183456, cbSize 183510, bits offset 54 | dropped | |
Processes

Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\211.exe | "C:\Users\user\Desktop\211.exe" | |
C:\Users\user\Desktop\211.exe | "C:\Users\user\Desktop\211.exe" | |
URLs

Name | IP | Malicious
---|---|---
IPs

IP | Domain | Country | Malicious
---|---|---|---
42.193.100.57 | unknown | China | |
Registry

Path | Value | Malicious
---|---|---
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | | |
Memdumps

Base Address | Region Type | Protect | Malicious
---|---|---|---