Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
EZFN op cheats.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
||
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\EZFN op cheats.exe.log
|
CSV text
|
dropped
|
||
C:\Users\user\AppData\Roaming\SubDir\Client.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client.exe.log
|
CSV text
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\EZFN op cheats.exe
|
"C:\Users\user\Desktop\EZFN op cheats.exe"
|
||
C:\Windows\System32\schtasks.exe
|
"schtasks" /create /tn "cheats" /sc ONLOGON /tr "C:\Users\user\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
|
||
C:\Users\user\AppData\Roaming\SubDir\Client.exe
|
"C:\Users\user\AppData\Roaming\SubDir\Client.exe"
|
||
C:\Users\user\AppData\Roaming\SubDir\Client.exe
|
C:\Users\user\AppData\Roaming\SubDir\Client.exe
|
||
C:\Windows\System32\schtasks.exe
|
"schtasks" /create /tn "cheats" /sc ONLOGON /tr "C:\Users\user\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
192.168.137.1
|
|||
https://api.ipify.org/
|
unknown
|
||
https://stackoverflow.com/q/14436606/23354
|
unknown
|
||
https://stackoverflow.com/q/2152978/23354sCannot
|
unknown
|
||
https://ipwho.is/
|
unknown
|
||
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
https://stackoverflow.com/q/11564914/23354;
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
192.168.137.1
|
unknown
|
unknown
|
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
690000
|
unknown
|
page readonly
|
||
372000
|
unknown
|
page readonly
|
||
7FF46A130000
|
trusted library allocation
|
page execute and read and write
|
||
1B282000
|
heap
|
page read and write
|
||
7FFD9B790000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
7FFD9B6D4000
|
trusted library allocation
|
page read and write
|
||
32BE000
|
stack
|
page read and write
|
||
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
F3E000
|
stack
|
page read and write
|
||
12873000
|
trusted library allocation
|
page read and write
|
||
7FFD9B960000
|
trusted library allocation
|
page read and write
|
||
7FFD9B6D6000
|
trusted library allocation
|
page read and write
|
||
1B793000
|
heap
|
page read and write
|
||
19ED45D0000
|
heap
|
page read and write
|
||
1840000
|
trusted library allocation
|
page read and write
|
||
13B0000
|
heap
|
page read and write
|
||
E10000
|
heap
|
page execute and read and write
|
||
1B72E000
|
stack
|
page read and write
|
||
7FFD9B78C000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9BAE2000
|
trusted library allocation
|
page read and write
|
||
133EE000
|
trusted library allocation
|
page read and write
|
||
7FFD9B6F4000
|
trusted library allocation
|
page read and write
|
||
1853000
|
trusted library allocation
|
page read and write
|
||
7FFD9B6F0000
|
trusted library allocation
|
page read and write
|
||
7FFD9B8A5000
|
trusted library allocation
|
page read and write
|
||
B70000
|
heap
|
page read and write
|
||
1287E000
|
trusted library allocation
|
page read and write
|
||
3190000
|
heap
|
page read and write
|
||
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
7FFD9BB07000
|
trusted library allocation
|
page read and write
|
||
1B35000
|
heap
|
page read and write
|
||
936B8FF000
|
unknown
|
page read and write
|
||
7FFD9B6E3000
|
trusted library allocation
|
page read and write
|
||
1BF40000
|
heap
|
page read and write
|
||
30B4000
|
trusted library allocation
|
page read and write
|
||
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
12871000
|
trusted library allocation
|
page read and write
|
||
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
1B96D000
|
stack
|
page read and write
|
||
7FFD9B90B000
|
trusted library allocation
|
page read and write
|
||
B00000
|
heap
|
page read and write
|
||
7FFD9B6D4000
|
trusted library allocation
|
page read and write
|
||
7FFD9B6FD000
|
trusted library allocation
|
page execute and read and write
|
||
D90000
|
trusted library allocation
|
page read and write
|
||
37AB000
|
trusted library allocation
|
page read and write
|
||
1300000
|
heap
|
page read and write
|
||
7FFD9B6ED000
|
trusted library allocation
|
page execute and read and write
|
||
B40000
|
heap
|
page read and write
|
||
7FFD9B6B4000
|
trusted library allocation
|
page read and write
|
||
18AE000
|
stack
|
page read and write
|
||
7FFD9BA60000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B875000
|
trusted library allocation
|
page read and write
|
||
1B52A000
|
heap
|
page read and write
|
||
1BD34000
|
heap
|
page read and write
|
||
1DED6780000
|
heap
|
page read and write
|
||
33E1000
|
trusted library allocation
|
page read and write
|
||
7FFD9B89B000
|
trusted library allocation
|
page read and write
|
||
1BE3F000
|
stack
|
page read and write
|
||
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
1057000
|
heap
|
page read and write
|
||
1DED6760000
|
heap
|
page read and write
|
||
A20000
|
heap
|
page read and write
|
||
7FFD9B72C000
|
trusted library allocation
|
page execute and read and write
|
||
1C044000
|
heap
|
page read and write
|
||
D40000
|
heap
|
page read and write
|
||
7FFD9B6B2000
|
trusted library allocation
|
page read and write
|
||
7FFD9B8BB000
|
trusted library allocation
|
page read and write
|
||
1C04E000
|
heap
|
page read and write
|
||
7FFD9BB2C000
|
trusted library allocation
|
page read and write
|
||
7FFD9B6D3000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B6D3000
|
trusted library allocation
|
page execute and read and write
|
||
C34000
|
heap
|
page read and write
|
||
1B319000
|
stack
|
page read and write
|
||
7FFD9B6D2000
|
trusted library allocation
|
page read and write
|
||
37A5000
|
trusted library allocation
|
page read and write
|
||
1BD30000
|
heap
|
page read and write
|
||
BD0000
|
heap
|
page read and write
|
||
1C23E000
|
stack
|
page read and write
|
||
1B760000
|
heap
|
page read and write
|
||
7FFD9B6F4000
|
trusted library allocation
|
page read and write
|
||
133E1000
|
trusted library allocation
|
page read and write
|
||
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
1DED6920000
|
heap
|
page read and write
|
||
7FFD9B72C000
|
trusted library allocation
|
page execute and read and write
|
||
1C046000
|
heap
|
page read and write
|
||
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
7FFD9B7F0000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
12B0000
|
heap
|
page read and write
|
||
7FFD9B910000
|
trusted library allocation
|
page execute and read and write
|
||
1060000
|
heap
|
page execute and read and write
|
||
1BD0E000
|
stack
|
page read and write
|
||
2B9A000
|
trusted library allocation
|
page read and write
|
||
7FFD9BA20000
|
trusted library allocation
|
page read and write
|
||
BBF6B7F000
|
stack
|
page read and write
|
||
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
110C000
|
heap
|
page read and write
|
||
FD0000
|
heap
|
page read and write
|
||
12DA5000
|
trusted library allocation
|
page read and write
|
||
1B92F000
|
stack
|
page read and write
|
||
1860000
|
heap
|
page read and write
|
||
1305000
|
heap
|
page read and write
|
||
2871000
|
trusted library allocation
|
page read and write
|
||
1CB0E000
|
stack
|
page read and write
|
||
1A8A0000
|
trusted library allocation
|
page read and write
|
||
1055000
|
heap
|
page read and write
|
||
37A3000
|
trusted library allocation
|
page read and write
|
||
1BC3E000
|
stack
|
page read and write
|
||
7FFD9BB20000
|
trusted library allocation
|
page read and write
|
||
7FFD9B7B6000
|
trusted library allocation
|
page execute and read and write
|
||
2D91000
|
trusted library allocation
|
page read and write
|
||
E30000
|
heap
|
page read and write
|
||
1072000
|
heap
|
page read and write
|
||
BBF6AFF000
|
unknown
|
page read and write
|
||
7FFD9B8C5000
|
trusted library allocation
|
page read and write
|
||
7FFD9B7F0000
|
trusted library allocation
|
page execute and read and write
|
||
1725000
|
heap
|
page read and write
|
||
173B000
|
heap
|
page read and write
|
||
2B98000
|
trusted library allocation
|
page read and write
|
||
7FFD9BB02000
|
trusted library allocation
|
page read and write
|
||
7FFD9BB40000
|
trusted library allocation
|
page read and write
|
||
33DE000
|
stack
|
page read and write
|
||
DB0000
|
trusted library allocation
|
page read and write
|
||
1B82F000
|
stack
|
page read and write
|
||
370000
|
unknown
|
page readonly
|
||
1030000
|
heap
|
page read and write
|
||
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
7FFD9B6C3000
|
trusted library allocation
|
page read and write
|
||
7FFD9B7B6000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9BB60000
|
trusted library allocation
|
page execute and read and write
|
||
B69000
|
heap
|
page read and write
|
||
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
379F000
|
trusted library allocation
|
page read and write
|
||
106E000
|
heap
|
page read and write
|
||
12879000
|
trusted library allocation
|
page read and write
|
||
DC0000
|
heap
|
page read and write
|
||
10C5000
|
heap
|
page read and write
|
||
3421000
|
trusted library allocation
|
page read and write
|
||
1BFE4000
|
heap
|
page read and write
|
||
1080000
|
heap
|
page read and write
|
||
3419000
|
trusted library allocation
|
page read and write
|
||
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
1B30000
|
heap
|
page read and write
|
||
BE0000
|
heap
|
page read and write
|
||
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
33F0000
|
trusted library allocation
|
page read and write
|
||
2C00000
|
heap
|
page execute and read and write
|
||
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
7FFD9B8F0000
|
trusted library allocation
|
page execute and read and write
|
||
1BA2E000
|
stack
|
page read and write
|
||
E35000
|
heap
|
page read and write
|
||
B20000
|
heap
|
page read and write
|
||
7FFD9B6DD000
|
trusted library allocation
|
page execute and read and write
|
||
30B6000
|
trusted library allocation
|
page read and write
|
||
1C051000
|
heap
|
page read and write
|
||
1B258000
|
heap
|
page read and write
|
||
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
7FFD9B786000
|
trusted library allocation
|
page read and write
|
||
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
EF3000
|
stack
|
page read and write
|
||
7FFD9B904000
|
trusted library allocation
|
page read and write
|
||
7FFD9B85C000
|
trusted library allocation
|
page read and write
|
||
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
17C7000
|
heap
|
page read and write
|
||
1BF3F000
|
stack
|
page read and write
|
||
7FFD9B7D0000
|
trusted library allocation
|
page execute and read and write
|
||
19ED46AF000
|
heap
|
page read and write
|
||
1B750000
|
heap
|
page read and write
|
||
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
7FFD9B786000
|
trusted library allocation
|
page read and write
|
||
7FFD9B78C000
|
trusted library allocation
|
page execute and read and write
|
||
1CA09000
|
stack
|
page read and write
|
||
1270000
|
trusted library allocation
|
page read and write
|
||
7FFD9B6B3000
|
trusted library allocation
|
page execute and read and write
|
||
1700000
|
heap
|
page read and write
|
||
1B5DA000
|
heap
|
page read and write
|
||
13E0000
|
heap
|
page read and write
|
||
103E000
|
stack
|
page read and write
|
||
1820000
|
trusted library allocation
|
page read and write
|
||
1250000
|
trusted library allocation
|
page read and write
|
||
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
1DED67A8000
|
heap
|
page read and write
|
||
109C000
|
heap
|
page read and write
|
||
7FFD9B898000
|
trusted library allocation
|
page read and write
|
||
122F000
|
stack
|
page read and write
|
||
7FFD9B6DD000
|
trusted library allocation
|
page execute and read and write
|
||
12D99000
|
trusted library allocation
|
page read and write
|
||
7FFD9B6D4000
|
trusted library allocation
|
page read and write
|
||
19ED46A8000
|
heap
|
page read and write
|
||
1C536000
|
stack
|
page read and write
|
||
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
2D8F000
|
stack
|
page read and write
|
||
19ED48C0000
|
heap
|
page read and write
|
||
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
1BE43000
|
heap
|
page read and write
|
||
7FFD9B881000
|
trusted library allocation
|
page read and write
|
||
1BD20000
|
heap
|
page read and write
|
||
B66000
|
heap
|
page read and write
|
||
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
106B000
|
heap
|
page read and write
|
||
1025000
|
heap
|
page read and write
|
||
936B97F000
|
stack
|
page read and write
|
||
B49000
|
heap
|
page read and write
|
||
1B303000
|
heap
|
page read and write
|
||
B6C000
|
heap
|
page read and write
|
||
19ED48C5000
|
heap
|
page read and write
|
||
1B410000
|
trusted library allocation
|
page read and write
|
||
2BC0000
|
heap
|
page read and write
|
||
19ED45F0000
|
heap
|
page read and write
|
||
7FFD9B8CA000
|
trusted library allocation
|
page read and write
|
||
7FFD9B8D0000
|
trusted library allocation
|
page read and write
|
||
1850000
|
trusted library allocation
|
page read and write
|
||
7D4000
|
stack
|
page read and write
|
||
7FFD9B6DD000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B76C000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
7FFD9B70C000
|
trusted library allocation
|
page execute and read and write
|
||
B7F000
|
heap
|
page read and write
|
||
7FFD9B766000
|
trusted library allocation
|
page read and write
|
||
7FFD9B855000
|
trusted library allocation
|
page read and write
|
||
7FFD9B6CD000
|
trusted library allocation
|
page execute and read and write
|
||
12D93000
|
trusted library allocation
|
page read and write
|
||
1BE40000
|
heap
|
page read and write
|
||
936B879000
|
stack
|
page read and write
|
||
1B940000
|
heap
|
page read and write
|
||
1BD62000
|
heap
|
page read and write
|
||
BEF000
|
heap
|
page read and write
|
||
32D0000
|
heap
|
page execute and read and write
|
||
BAC000
|
heap
|
page read and write
|
||
7FFD9B6D2000
|
trusted library allocation
|
page read and write
|
||
BBF6A79000
|
stack
|
page read and write
|
||
7FFD9B6E3000
|
trusted library allocation
|
page read and write
|
||
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
1BFF0000
|
heap
|
page read and write
|
||
1B740000
|
heap
|
page execute and read and write
|
||
7FFD9B6FD000
|
trusted library allocation
|
page execute and read and write
|
||
7FFD9B796000
|
trusted library allocation
|
page execute and read and write
|
||
12D9E000
|
trusted library allocation
|
page read and write
|
||
1865000
|
heap
|
page read and write
|
||
D3E000
|
stack
|
page read and write
|
||
19ED46A0000
|
heap
|
page read and write
|
||
7FFD9B6BD000
|
trusted library allocation
|
page execute and read and write
|
||
12B3000
|
heap
|
page read and write
|
||
1038000
|
heap
|
page read and write
|
||
7FFD9B8E4000
|
trusted library allocation
|
page read and write
|
||
FF0000
|
heap
|
page read and write
|
||
370000
|
unknown
|
page readonly
|
||
7FFD9B8B8000
|
trusted library allocation
|
page read and write
|
||
1B240000
|
heap
|
page read and write
|
||
1340D000
|
trusted library allocation
|
page read and write
|
||
1AE0A000
|
stack
|
page read and write
|
||
1BD3F000
|
stack
|
page read and write
|
||
1020000
|
heap
|
page read and write
|
||
1708000
|
heap
|
page read and write
|
||
7FFD9B8B0000
|
trusted library allocation
|
page read and write
|
||
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
1ADC0000
|
trusted library allocation
|
page read and write
|
||
1B761000
|
heap
|
page read and write
|
||
19ED44F0000
|
heap
|
page read and write
|
||
1B233000
|
heap
|
page read and write
|
||
7FFD9B6D0000
|
trusted library allocation
|
page read and write
|
||
7FFD9B8EF000
|
trusted library allocation
|
page read and write
|
||
3788000
|
trusted library allocation
|
page read and write
|
||
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
12885000
|
trusted library allocation
|
page read and write
|
||
173D000
|
heap
|
page read and write
|
||
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
BAE000
|
heap
|
page read and write
|
||
133F9000
|
trusted library allocation
|
page read and write
|
||
1DED67A0000
|
heap
|
page read and write
|
||
7FFD9B950000
|
trusted library allocation
|
page read and write
|
||
BAA000
|
heap
|
page read and write
|
||
7FFD9B8B8000
|
trusted library allocation
|
page read and write
|
||
BD0000
|
heap
|
page read and write
|
||
1DED6925000
|
heap
|
page read and write
|
||
10C0000
|
heap
|
page read and write
|
||
B7C000
|
heap
|
page read and write
|
||
13C0000
|
heap
|
page read and write
|
||
1C80E000
|
stack
|
page read and write
|
||
7FFD9B9F0000
|
trusted library allocation
|
page read and write
|
||
1361000
|
stack
|
page read and write
|
||
3416000
|
trusted library allocation
|
page read and write
|
||
7FFD9B790000
|
trusted library allocation
|
page execute and read and write
|
||
12D91000
|
trusted library allocation
|
page read and write
|
||
1ABFF000
|
heap
|
page read and write
|
||
1DED6680000
|
heap
|
page read and write
|
||
7FFD9B8C5000
|
trusted library allocation
|
page read and write
|
||
7FFD9B6F0000
|
trusted library allocation
|
page read and write
|
||
2C80000
|
heap
|
page read and write
|
||
7FFD9B8E0000
|
trusted library allocation
|
page read and write
|
||
1B5CE000
|
heap
|
page read and write
|
||
16D0000
|
heap
|
page read and write
|
||
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
7FFD9B6D0000
|
trusted library allocation
|
page read and write
|
||
1767000
|
heap
|
page read and write
|
||
1B230000
|
heap
|
page read and write
|
||
7FFD9B8C0000
|
trusted library allocation
|
page read and write
|
||
1C903000
|
stack
|
page read and write
|
||
7FFD9B904000
|
trusted library allocation
|
page read and write
|
||
2BAE000
|
stack
|
page read and write
|
||
7FFD9BB25000
|
trusted library allocation
|
page read and write
|
||
7FFD9B8A1000
|
trusted library allocation
|
page read and write
|
||
1B430000
|
heap
|
page read and write
|
||
7FFD9B770000
|
trusted library allocation
|
page execute and read and write
|
||
1B110000
|
heap
|
page read and write
|
||
7FFD9B910000
|
trusted library allocation
|
page execute and read and write
|
||
1BD10000
|
heap
|
page execute and read and write
|
||
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
7FFD9B6FB000
|
trusted library allocation
|
page execute and read and write
|
||
31B0000
|
heap
|
page read and write
|
||
7FFD9B6ED000
|
trusted library allocation
|
page execute and read and write
|
||
1098000
|
heap
|
page read and write
|