Files

File Path | Type | Category | Malicious
---|---|---|---
99.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample |
C:\Users\user\AppData\Local\Temp\709f3c.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\709faa.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\Desktop\ 3.bmp | PNG image data, 26 x 27, 8-bit/color RGBA, non-interlaced | dropped |
C:\Users\user\Desktop\ .ini | ASCII text, with CRLF line terminators | dropped |
Processes

Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\99.exe | "C:\Users\user\Desktop\99.exe" |
URLs

Name | IP | Malicious
---|---|---
http://www.eyuyan.com)DVarFileInfo$ | unknown |
https://ww(w.v | unknown |
http://ocsp.t | unknown |
http://.httpsset-cookie:;; | unknown |
http://ts-ocsp.ws.s | unknown |
http://ts-ocsp.ws.symantec. | unknown |
https://note.youdao.com/yws/public/note/fee7522094b30863456a85ffb799784a?sev=j1 | unknown |
http://sf.symc | unknown |
Memdumps

Base Address | Region type | Protect | Malicious
---|---|---|---
A57000 | heap | page read and write |
5F5000 | unknown | page write copy |
A6E000 | heap | page read and write |
2760000 | trusted library allocation | page read and write |
2661000 | heap | page read and write |
29CA000 | heap | page execute and read and write |
970000 | heap | page read and write |
9BE000 | heap | page read and write |
97000 | stack | page read and write |
603000 | unknown | page write copy |
2A72000 | heap | page execute and read and write |
1003A000 | direct allocation | page execute and read and write |
7D5000 | heap | page read and write |
2788000 | heap | page read and write |
750000 | heap | page read and write |
2B18000 | heap | page execute and read and write |
7D0000 | heap | page read and write |
2550000 | heap | page read and write |
8DF000 | stack | page read and write |
60C000 | unknown | page write copy |
2551000 | heap | page read and write |
2668000 | heap | page read and write |
5F5000 | unknown | page write copy |
950000 | heap | page read and write |
A81000 | heap | page read and write |
990000 | heap | page read and write |
9FB000 | heap | page read and write |
293B000 | heap | page execute and read and write |
29B0000 | heap | page execute and read and write |
2AF7000 | heap | page execute and read and write |
60C000 | unknown | page read and write |
2650000 | heap | page execute and read and write |
9B0000 | heap | page read and write |
2540000 | heap | page read and write |
2795000 | heap | page read and write |
279E000 | stack | page read and write |
A69000 | heap | page read and write |
400000 | unknown | page readonly |
2544000 | heap | page read and write |
54C000 | unknown | page readonly |
A5B000 | heap | page read and write |
A35000 | heap | page read and write |
401000 | unknown | page execute read |
79E000 | stack | page read and write |
5F9000 | unknown | page write copy |
2791000 | heap | page read and write |
27B9000 | heap | page read and write |
10000000 | direct allocation | page execute and read and write |
608000 | unknown | page read and write |
2B1C000 | heap | page execute and read and write |
400000 | unknown | page readonly |
A3C000 | heap | page read and write |
2510000 | heap | page read and write |
A6C000 | heap | page read and write |
9BA000 | heap | page read and write |
7B0000 | heap | page read and write |
60A000 | unknown | page write copy |
2558000 | heap | page read and write |
2AEA000 | heap | page execute and read and write |
A4B000 | heap | page read and write |
64E000 | unknown | page readonly |
266D000 | heap | page read and write |
7D7000 | heap | page read and write |
2760000 | trusted library allocation | page read and write |
27B6000 | heap | page read and write |
278B000 | heap | page read and write |
319F000 | stack | page read and write |
2812000 | heap | page execute and read and write |
401000 | unknown | page execute read |
670000 | heap | page read and write |
54C000 | unknown | page readonly |
646000 | unknown | page read and write |
A66000 | heap | page read and write |
64B000 | unknown | page read and write |
64E000 | unknown | page readonly |
2798000 | heap | page read and write |
9A0000 | heap | page read and write |
2660000 | heap | page read and write |
19C000 | stack | page read and write |
2AFA000 | heap | page execute and read and write |
9FC000 | heap | page read and write |
27DE000 | stack | page read and write |
A38000 | heap | page read and write |
995000 | heap | page read and write |
954000 | heap | page read and write |
309F000 | stack | page read and write |
5F7000 | unknown | page read and write |
618000 | unknown | page read and write |
27A9000 | heap | page read and write |
293F000 | heap | page execute and read and write |
920000 | heap | page read and write |
602000 | unknown | page read and write |

82 further memdump regions are not listed in this view.
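The Memdumps table above lists several heap regions and two "direct allocation" regions (at 10000000, the default image base MSVC assigns to DLLs, and at 1003A000) whose protection is "page execute and read and write", i.e. writable and executable at the same time. Those W+X regions are the ones an analyst dumps first when looking for unpacked or injected code, because a normally loaded image keeps its code read-execute only. The following triage helper is an added example and not part of the sandbox report or its tooling: it parses rows in the same "base | region type | protect" layout as the table (a constructed subset of the rows above is embedded as sample input), maps the human-readable protection strings onto R/W/X flags, and returns the W+X regions sorted by address together with a per-type summary. The row format, the `Region` class and the function names are assumptions made for this example.

```python
"""Triage helper for sandbox memdump region listings (added example).

Parses rows of the form  <base hex> | <region type> | <protect>  as shown in
the Memdumps table and flags regions that are writable and executable at the
same time (W+X), the usual home of unpacked or injected code. The row format,
the Region class and the function names are assumptions for this example and
are not an API of the sandbox that produced the report.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed subset of rows copied from the Memdumps table on this page.
SAMPLE_ROWS = """\
A57000 | heap | page read and write
5F5000 | unknown | page write copy
2760000 | trusted library allocation | page read and write
29CA000 | heap | page execute and read and write
97000 | stack | page read and write
1003A000 | direct allocation | page execute and read and write
400000 | unknown | page readonly
401000 | unknown | page execute read
10000000 | direct allocation | page execute and read and write
2B1C000 | heap | page execute and read and write
64E000 | unknown | page readonly
"""


@dataclass(frozen=True)
class Region:
    base: int
    region_type: str
    readable: bool
    writable: bool
    executable: bool
    copy_on_write: bool


def parse_protect(protect: str) -> tuple[bool, bool, bool, bool]:
    """Map a sandbox protection string to (R, W, X, copy-on-write) flags.

    The strings mirror the Windows PAGE_* constants:
      'page readonly'                   -> R
      'page execute read'               -> R X
      'page read and write'             -> R W
      'page execute and read and write' -> R W X
      'page write copy'                 -> R W (copy-on-write)
      'page noaccess'                   -> none
    """
    words = protect.lower().replace("page", "").split()
    readable = "noaccess" not in words
    writable = readable and "write" in words
    executable = readable and "execute" in words
    copy_on_write = readable and "copy" in words
    return readable, writable, executable, copy_on_write


def parse_rows(text: str) -> list[Region]:
    """Parse 'base | type | protect' rows; blank lines are skipped."""
    regions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        base, region_type, protect = (part.strip() for part in line.split("|"))
        r, w, x, cow = parse_protect(protect)
        regions.append(Region(int(base, 16), region_type, r, w, x, cow))
    return regions


def wx_regions(regions: list[Region]) -> list[Region]:
    """Return writable-and-executable regions sorted by base address."""
    return sorted((r for r in regions if r.writable and r.executable),
                  key=lambda r: r.base)


def summarize(regions: list[Region]) -> dict[tuple[str, str], int]:
    """Count regions per (region type, permission string such as 'rwx')."""
    counts: Counter = Counter()
    for r in regions:
        perm = ("r" if r.readable else "") + ("w" if r.writable else "") + \
               ("x" if r.executable else "")
        counts[(r.region_type, perm)] += 1
    return dict(counts)


def triage_regions(text: str) -> dict:
    """Full triage: total rows, W+X candidates to dump first, and a layout summary."""
    regions = parse_rows(text)
    return {
        "total": len(regions),
        "wx": [(f"{r.base:08X}", r.region_type) for r in wx_regions(regions)],
        "summary": summarize(regions),
    }


if __name__ == "__main__":
    report = triage_regions(SAMPLE_ROWS)
    print(f"{report['total']} regions, {len(report['wx'])} W+X candidates:")
    for base, kind in report["wx"]:
        print(f"  {base}  {kind}")
    for (kind, perm), n in sorted(report["summary"].items()):
        print(f"  {kind:28} {perm:4} x{n}")
```

Feeding the full table through `triage_regions` gives the same picture in one pass: every "page execute and read and write" row is heap or direct allocation, while the only read-execute region is the 401000 range below the image's readonly 400000 header, which is the layout you would expect for an image that writes code into memory it allocated itself.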