Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 208.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\Users\user\Desktop\QQWER.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\4c51f6.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\4c5264.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\4c9652.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\4c96fe.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | modified | |
| C:\Users\user\Desktop\ 1.bmp | PC bitmap, Windows 3.x format, 43 x 25 x 24, image size 3300, cbSize 3354, bits offset 54 | dropped | |
| C:\Users\user\Desktop\ 2.bmp | PC bitmap, Windows 3.x format, 122 x 40 x 24, image size 14720, cbSize 14774, bits offset 54 | dropped | |
| C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 124 x 21 x 24, image size 7812, cbSize 7866, bits offset 54 | dropped | |
| C:\Users\user\Desktop\ 4.bmp | PC bitmap, Windows 3.x format, 132 x 32 x 24, image size 12672, cbSize 12726, bits offset 54 | dropped | |
| C:\Users\user\Desktop\ 404.bmp | PC bitmap, Windows 3.x format, 312 x 196 x 24, image size 183456, cbSize 183510, bits offset 54 | modified | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\208.exe | "C:\Users\user\Desktop\208.exe" | |
| C:\Users\user\Desktop\208.exe | "C:\Users\user\Desktop\208.exe" | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://www.eyuyan.com)DVarFileInfo$ | unknown | |
| http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtI | unknown | |
| http://ocsp.t | unknown | |
| http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtK | unknown | |
| http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txteM | unknown | |
| http://.httpsset-cookie:;; | unknown | |
| http://ts-ocsp.ws.s | unknown | |
| http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt/ | unknown | |
| https://note.youdao.com/yws/public/note/03cb89fe74e7b4305099ed5dabde2135?sev=j1 | unknown | |
| http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtQ | unknown | |
| http://ts-ocsp.ws.symantec. | unknown | |
| http://sf.symc | unknown | |
| http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt | 42.193.100.57 | |
| http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtC: | unknown | |
| http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt& | unknown | |
| http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtY | unknown | |
| https://ww(w.v | unknown | |
| http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtQL | unknown | |
| https://User-Agent:Mozilla/4.0 | unknown | |
| http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txtD | unknown | |
| http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt | 42.193.100.57 | |
| http://42.193.100.57/%E5%AD%98%E6%A1%A3/ | unknown | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 42.193.100.57 | unknown | China | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | | |

Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|