Files
File Path | Type | Category | Malicious
---|---|---|---
215.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample |
C:\Users\user\Desktop\QQWER.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\648508.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\6485a4.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\64c0e8.tmp | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Temp\64c146.tmp | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 88 x 30 x 24, image size 7920, cbSize 7974, bits offset 54 | dropped |
C:\Users\user\Desktop\ 1.bmp | PC bitmap, Windows 3.x format, 43 x 25 x 24, image size 3300, cbSize 3354, bits offset 54 | dropped |
C:\Users\user\Desktop\ 2.bmp | PC bitmap, Windows 3.x format, 122 x 40 x 24, image size 14720, cbSize 14774, bits offset 54 | dropped |
C:\Users\user\Desktop\ .bmp | PC bitmap, Windows 3.x format, 124 x 21 x 24, image size 7812, cbSize 7866, bits offset 54 | dropped |
C:\Users\user\Desktop\ 4.bmp | PC bitmap, Windows 3.x format, 132 x 32 x 24, image size 12672, cbSize 12726, bits offset 54 | dropped |
C:\Users\user\Desktop\ 404.bmp | PC bitmap, Windows 3.x format, 312 x 196 x 24, image size 183456, cbSize 183510, bits offset 54 | dropped |
Processes
Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\215.exe | "C:\Users\user\Desktop\215.exe" |
C:\Users\user\Desktop\215.exe | "C:\Users\user\Desktop\215.exe" |
URLs
Name | IP | Malicious
---|---|---
http://www.eyuyan.com)DVarFileInfo$ | unknown |
http://ocsp.t | unknown |
http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt._cache_ | unknown |
http://.httpsset-cookie:;; | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtm | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtgrams | unknown |
http://ts-ocsp.ws.s | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtn | unknown |
https://note.youdao.com/yws/public/note/03cb89fe74e7b4305099ed5dabde2135?sev=j1 | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt1 | unknown |
http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt- | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt3 | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtS | unknown |
http://ts-ocsp.ws.symantec. | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtST | unknown |
http://sf.symc | unknown |
http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txt | 42.193.100.57 |
http://42.193.100.57/%E5%AD%98%E6%A1%A3/.txtJ | unknown |
https://ww(w.v | unknown |
https://User-Agent:Mozilla/4.0 | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txt | 42.193.100.57 |
http://42.193.100.57/%E5%AD%98%E6%A1%A3/ | unknown |
http://42.193.100.57/%E8%87%AA%E5%B7%B1%E7%9A%84%E6%A1%A3.txtAs | unknown |
Domains
Name | IP | Malicious
---|---|---
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 |
IPs
IP | Domain | Country | Malicious
---|---|---|---
42.193.100.57 | unknown | China |
Registry
Path | Value | Malicious
---|---|---
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | |
Memdumps