Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
USD 510,800.bat.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\USD 510,800.bat.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat
|
Extensible storage user DataBase, version 0x620, checksum 0x79636fb0, page size 32768, DirtyShutdown, Windows version 10.0
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm
|
OpenPGP Public Key
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\USD 510,800.bat.exe
|
"C:\Users\user\Desktop\USD 510,800.bat.exe"
|
|
|
|
C:\Users\user\Desktop\USD 510,800.bat.exe
|
"C:\Users\user\Desktop\USD 510,800.bat.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\dllhost.exe
|
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.office.com/
|
unknown
|
||
|
https://api.ip.sb/ip
|
unknown
|
||
|
https://M365CDN.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=EL
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaot
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingth
|
unknown
|
||
|
https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
|
unknown
|
||
|
https://discord.com/api/v9/users/
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=wsb
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingrms
|
unknown
|
||
|
https://api.ip.s
|
unknown
|
||
|
https://aefd.nelreports.net/api/report?cat=bingaotak
|
unknown
|
||
|
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
|
unknown
|
||
|
https://deff.nelreports.net/api/report?cat=msn
|
unknown
|
||
|
https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAX31r5c&
|
unknown
|
There are 4 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4262000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
4095000
|
trusted library allocation
|
page read and write
|
|
|
|
4019000
|
trusted library allocation
|
page read and write
|
|
|
|
1620000
|
trusted library allocation
|
page read and write
|
||
|
57D5000
|
trusted library allocation
|
page read and write
|
||
|
54C0000
|
heap
|
page execute and read and write
|
||
|
16B2000
|
trusted library allocation
|
page read and write
|
||
|
5830000
|
heap
|
page read and write
|
||
|
3539000
|
trusted library allocation
|
page read and write
|
||
|
158E000
|
stack
|
page read and write
|
||
|
3565000
|
trusted library allocation
|
page read and write
|
||
|
15F0000
|
trusted library allocation
|
page read and write
|
||
|
172E000
|
stack
|
page read and write
|
||
|
33D2000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
3533000
|
trusted library allocation
|
page read and write
|
||
|
111B000
|
heap
|
page read and write
|
||
|
456000
|
remote allocation
|
page execute and read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
34D3000
|
trusted library allocation
|
page read and write
|
||
|
5900000
|
heap
|
page read and write
|
||
|
8C7E000
|
heap
|
page read and write
|
||
|
34D5000
|
trusted library allocation
|
page read and write
|
||
|
130B000
|
trusted library allocation
|
page execute and read and write
|
||
|
34E4000
|
trusted library allocation
|
page read and write
|
||
|
5770000
|
trusted library allocation
|
page read and write
|
||
|
58C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3516000
|
trusted library allocation
|
page read and write
|
||
|
57B4000
|
trusted library allocation
|
page read and write
|
||
|
6100000
|
heap
|
page read and write
|
||
|
1641000
|
trusted library allocation
|
page read and write
|
||
|
1693000
|
trusted library allocation
|
page read and write
|
||
|
1684000
|
trusted library allocation
|
page read and write
|
||
|
357C000
|
trusted library allocation
|
page read and write
|
||
|
59F0000
|
trusted library allocation
|
page read and write
|
||
|
34B2000
|
trusted library allocation
|
page read and write
|
||
|
34FF000
|
trusted library allocation
|
page read and write
|
||
|
57CF000
|
trusted library allocation
|
page read and write
|
||
|
8C5C000
|
heap
|
page read and write
|
||
|
10D4000
|
heap
|
page read and write
|
||
|
1357000
|
stack
|
page read and write
|
||
|
5460000
|
heap
|
page read and write
|
||
|
57E0000
|
trusted library allocation
|
page read and write
|
||
|
3537000
|
trusted library allocation
|
page read and write
|
||
|
15D0000
|
trusted library allocation
|
page read and write
|
||
|
144E000
|
stack
|
page read and write
|
||
|
162B000
|
trusted library allocation
|
page read and write
|
||
|
34EA000
|
trusted library allocation
|
page read and write
|
||
|
1680000
|
trusted library allocation
|
page read and write
|
||
|
5850000
|
heap
|
page read and write
|
||
|
1670000
|
trusted library allocation
|
page read and write
|
||
|
12ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
77CE000
|
stack
|
page read and write
|
||
|
58FF000
|
trusted library section
|
page readonly
|
||
|
579D000
|
trusted library allocation
|
page read and write
|
||
|
12F6000
|
trusted library allocation
|
page execute and read and write
|
||
|
3520000
|
trusted library allocation
|
page read and write
|
||
|
8C36000
|
heap
|
page read and write
|
||
|
71D0000
|
heap
|
page read and write
|
||
|
17D5000
|
heap
|
page read and write
|
||
|
5B30000
|
heap
|
page execute and read and write
|
||
|
183E000
|
heap
|
page read and write
|
||
|
8C6E000
|
heap
|
page read and write
|
||
|
3200000
|
heap
|
page execute and read and write
|
||
|
3440000
|
trusted library allocation
|
page read and write
|
||
|
347D000
|
trusted library allocation
|
page read and write
|
||
|
5860000
|
heap
|
page read and write
|
||
|
60D0000
|
heap
|
page read and write
|
||
|
A49F000
|
stack
|
page read and write
|
||
|
12C0000
|
trusted library allocation
|
page read and write
|
||
|
311B000
|
stack
|
page read and write
|
||
|
16BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
34A3000
|
trusted library allocation
|
page read and write
|
||
|
5530000
|
heap
|
page read and write
|
||
|
3130000
|
trusted library allocation
|
page read and write
|
||
|
5C3E000
|
stack
|
page read and write
|
||
|
8D6E000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
57A2000
|
trusted library allocation
|
page read and write
|
||
|
1683000
|
trusted library allocation
|
page execute and read and write
|
||
|
A39E000
|
stack
|
page read and write
|
||
|
168D000
|
trusted library allocation
|
page execute and read and write
|
||
|
760E000
|
stack
|
page read and write
|
||
|
3011000
|
trusted library allocation
|
page read and write
|
||
|
1775000
|
heap
|
page read and write
|
||
|
3471000
|
trusted library allocation
|
page read and write
|
||
|
17D1000
|
heap
|
page read and write
|
||
|
777E000
|
stack
|
page read and write
|
||
|
351A000
|
trusted library allocation
|
page read and write
|
||
|
16E7000
|
heap
|
page read and write
|
||
|
BFA000
|
unkown
|
page readonly
|
||
|
1660000
|
trusted library allocation
|
page read and write
|
||
|
596E000
|
stack
|
page read and write
|
||
|
34EE000
|
trusted library allocation
|
page read and write
|
||
|
33F5000
|
trusted library allocation
|
page read and write
|
||
|
578E000
|
trusted library allocation
|
page read and write
|
||
|
8C53000
|
heap
|
page read and write
|
||
|
16D0000
|
trusted library allocation
|
page read and write
|
||
|
5774000
|
trusted library allocation
|
page read and write
|
||
|
3554000
|
trusted library allocation
|
page read and write
|
||
|
3535000
|
trusted library allocation
|
page read and write
|
||
|
A59E000
|
stack
|
page read and write
|
||
|
5796000
|
trusted library allocation
|
page read and write
|
||
|
2F00000
|
heap
|
page execute and read and write
|
||
|
4311000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
5C50000
|
heap
|
page read and write
|
||
|
12D3000
|
trusted library allocation
|
page execute and read and write
|
||
|
773E000
|
stack
|
page read and write
|
||
|
78D2000
|
trusted library allocation
|
page read and write
|
||
|
740E000
|
stack
|
page read and write
|
||
|
3497000
|
trusted library allocation
|
page read and write
|
||
|
10DF000
|
heap
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
34E6000
|
trusted library allocation
|
page read and write
|
||
|
34F5000
|
trusted library allocation
|
page read and write
|
||
|
1748000
|
heap
|
page read and write
|
||
|
5480000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A10000
|
trusted library allocation
|
page read and write
|
||
|
8C88000
|
heap
|
page read and write
|
||
|
5AE0000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
193F000
|
stack
|
page read and write
|
||
|
12D4000
|
trusted library allocation
|
page read and write
|
||
|
5510000
|
trusted library section
|
page readonly
|
||
|
550B000
|
stack
|
page read and write
|
||
|
169D000
|
trusted library allocation
|
page execute and read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
584E000
|
stack
|
page read and write
|
||
|
3548000
|
trusted library allocation
|
page read and write
|
||
|
1740000
|
heap
|
page read and write
|
||
|
59E0000
|
trusted library allocation
|
page read and write
|
||
|
1768000
|
heap
|
page read and write
|
||
|
8C30000
|
heap
|
page read and write
|
||
|
5880000
|
trusted library allocation
|
page read and write
|
||
|
5863000
|
heap
|
page read and write
|
||
|
349F000
|
trusted library allocation
|
page read and write
|
||
|
15CB000
|
stack
|
page read and write
|
||
|
1000000
|
heap
|
page read and write
|
||
|
10A0000
|
heap
|
page read and write
|
||
|
5A45000
|
heap
|
page read and write
|
||
|
3495000
|
trusted library allocation
|
page read and write
|
||
|
7DB0000
|
trusted library section
|
page read and write
|
||
|
164D000
|
trusted library allocation
|
page read and write
|
||
|
577B000
|
trusted library allocation
|
page read and write
|
||
|
1307000
|
trusted library allocation
|
page execute and read and write
|
||
|
16AA000
|
trusted library allocation
|
page execute and read and write
|
||
|
164E000
|
stack
|
page read and write
|
||
|
8C50000
|
heap
|
page read and write
|
||
|
F87000
|
stack
|
page read and write
|
||
|
B12000
|
unkown
|
page readonly
|
||
|
104E000
|
stack
|
page read and write
|
||
|
76FD000
|
stack
|
page read and write
|
||
|
1119000
|
heap
|
page read and write
|
||
|
2E28000
|
trusted library allocation
|
page read and write
|
||
|
5791000
|
trusted library allocation
|
page read and write
|
||
|
34BC000
|
trusted library allocation
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
152E000
|
stack
|
page read and write
|
||
|
5850000
|
trusted library allocation
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
34EC000
|
trusted library allocation
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
353F000
|
trusted library allocation
|
page read and write
|
||
|
5990000
|
trusted library section
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page execute and read and write
|
||
|
3140000
|
trusted library allocation
|
page read and write
|
||
|
7DAE000
|
stack
|
page read and write
|
||
|
55F0000
|
trusted library allocation
|
page read and write
|
||
|
34CD000
|
trusted library allocation
|
page read and write
|
||
|
181D000
|
heap
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
4011000
|
trusted library allocation
|
page read and write
|
||
|
1670000
|
heap
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
34E8000
|
trusted library allocation
|
page read and write
|
||
|
5B10000
|
trusted library allocation
|
page read and write
|
||
|
355B000
|
trusted library allocation
|
page read and write
|
||
|
300F000
|
stack
|
page read and write
|
||
|
5860000
|
heap
|
page read and write
|
||
|
58E5000
|
heap
|
page read and write
|
||
|
182B000
|
heap
|
page read and write
|
||
|
3563000
|
trusted library allocation
|
page read and write
|
||
|
34A1000
|
trusted library allocation
|
page read and write
|
||
|
354C000
|
trusted library allocation
|
page read and write
|
||
|
3505000
|
trusted library allocation
|
page read and write
|
||
|
1807000
|
heap
|
page read and write
|
||
|
510C000
|
stack
|
page read and write
|
||
|
5C40000
|
heap
|
page read and write
|
||
|
5520000
|
heap
|
page read and write
|
||
|
5890000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A40000
|
heap
|
page read and write
|
||
|
305B000
|
trusted library allocation
|
page read and write
|
||
|
354E000
|
trusted library allocation
|
page read and write
|
||
|
154E000
|
stack
|
page read and write
|
||
|
34CF000
|
trusted library allocation
|
page read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
1677000
|
heap
|
page read and write
|
||
|
8E6E000
|
stack
|
page read and write
|
||
|
3501000
|
trusted library allocation
|
page read and write
|
||
|
57C0000
|
trusted library allocation
|
page read and write
|
||
|
3120000
|
trusted library allocation
|
page execute and read and write
|
||
|
34C1000
|
trusted library allocation
|
page read and write
|
||
|
15E0000
|
trusted library allocation
|
page read and write
|
||
|
349D000
|
trusted library allocation
|
page read and write
|
||
|
8C74000
|
heap
|
page read and write
|
||
|
A69E000
|
stack
|
page read and write
|
||
|
8C64000
|
heap
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
3491000
|
trusted library allocation
|
page read and write
|
||
|
16A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
3423000
|
trusted library allocation
|
page read and write
|
||
|
577E000
|
trusted library allocation
|
page read and write
|
||
|
1646000
|
trusted library allocation
|
page read and write
|
||
|
5DD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A50000
|
trusted library section
|
page read and write
|
||
|
33CE000
|
trusted library allocation
|
page read and write
|
||
|
12D0000
|
trusted library allocation
|
page read and write
|
||
|
349B000
|
trusted library allocation
|
page read and write
|
||
|
3503000
|
trusted library allocation
|
page read and write
|
||
|
E8A000
|
stack
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
1652000
|
trusted library allocation
|
page read and write
|
||
|
60E0000
|
heap
|
page read and write
|
||
|
33CA000
|
trusted library allocation
|
page read and write
|
||
|
57D0000
|
trusted library allocation
|
page read and write
|
||
|
3507000
|
trusted library allocation
|
page read and write
|
||
|
354A000
|
trusted library allocation
|
page read and write
|
||
|
10E1000
|
heap
|
page read and write
|
||
|
16B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
351C000
|
trusted library allocation
|
page read and write
|
||
|
764E000
|
stack
|
page read and write
|
||
|
34B4000
|
trusted library allocation
|
page read and write
|
||
|
34DA000
|
trusted library allocation
|
page read and write
|
||
|
34BE000
|
trusted library allocation
|
page read and write
|
||
|
1055000
|
heap
|
page read and write
|
||
|
5750000
|
heap
|
page read and write
|
||
|
7FB70000
|
trusted library allocation
|
page execute and read and write
|
||
|
351E000
|
trusted library allocation
|
page read and write
|
||
|
1600000
|
trusted library allocation
|
page read and write
|
||
|
5563000
|
heap
|
page read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
12F2000
|
trusted library allocation
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
3518000
|
trusted library allocation
|
page read and write
|
||
|
3524000
|
trusted library allocation
|
page read and write
|
||
|
58E0000
|
heap
|
page read and write
|
||
|
34B6000
|
trusted library allocation
|
page read and write
|
||
|
750E000
|
stack
|
page read and write
|
||
|
5550000
|
trusted library allocation
|
page execute and read and write
|
||
|
3373000
|
trusted library allocation
|
page read and write
|
||
|
12FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A15000
|
trusted library allocation
|
page read and write
|
||
|
3550000
|
trusted library allocation
|
page read and write
|
||
|
3427000
|
trusted library allocation
|
page read and write
|
||
|
1302000
|
trusted library allocation
|
page read and write
|
||
|
72D0000
|
heap
|
page read and write
|
||
|
10AE000
|
heap
|
page read and write
|
||
|
8C69000
|
heap
|
page read and write
|
||
|
58B0000
|
trusted library allocation
|
page read and write
|
||
|
5A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
5472000
|
trusted library allocation
|
page read and write
|
||
|
16A2000
|
trusted library allocation
|
page read and write
|
||
|
5ADB000
|
stack
|
page read and write
|
||
|
16B0000
|
trusted library allocation
|
page read and write
|
||
|
3311000
|
trusted library allocation
|
page read and write
|
||
|
5AF0000
|
trusted library allocation
|
page read and write
|
||
|
1259000
|
stack
|
page read and write
|
||
|
353B000
|
trusted library allocation
|
page read and write
|
||
|
5470000
|
trusted library allocation
|
page read and write
|
||
|
5870000
|
trusted library allocation
|
page execute and read and write
|
||
|
1820000
|
heap
|
page read and write
|
||
|
750E000
|
stack
|
page read and write
|
||
|
1545000
|
heap
|
page read and write
|
||
|
17DD000
|
heap
|
page read and write
|
||
|
5490000
|
trusted library allocation
|
page read and write
|
||
|
14DE000
|
stack
|
page read and write
|
||
|
163E000
|
trusted library allocation
|
page read and write
|
||
|
5600000
|
trusted library allocation
|
page read and write
|
||
|
1605000
|
trusted library allocation
|
page read and write
|
||
|
3522000
|
trusted library allocation
|
page read and write
|
||
|
12DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3557000
|
trusted library allocation
|
page read and write
|
||
|
342B000
|
trusted library allocation
|
page read and write
|
||
|
33FD000
|
trusted library allocation
|
page read and write
|
||
|
10C6000
|
heap
|
page read and write
|
||
|
115F000
|
heap
|
page read and write
|
||
|
16A0000
|
trusted library allocation
|
page read and write
|
||
|
774F000
|
stack
|
page read and write
|
||
|
1624000
|
trusted library allocation
|
page read and write
|
||
|
5560000
|
heap
|
page read and write
|
||
|
1828000
|
heap
|
page read and write
|
||
|
8C7A000
|
heap
|
page read and write
|
||
|
34F0000
|
trusted library allocation
|
page read and write
|
||
|
3531000
|
trusted library allocation
|
page read and write
|
||
|
352D000
|
trusted library allocation
|
page read and write
|
||
|
57B0000
|
trusted library allocation
|
page read and write
|
||
|
B10000
|
unkown
|
page readonly
|
||
|
540C000
|
stack
|
page read and write
|
||
|
1730000
|
heap
|
page read and write
|
||
|
3552000
|
trusted library allocation
|
page read and write
|
||
|
73D0000
|
heap
|
page read and write
|
||
|
353D000
|
trusted library allocation
|
page read and write
|
||
|
58F0000
|
trusted library section
|
page readonly
|
||
|
3499000
|
trusted library allocation
|
page read and write
|
There are 298 hidden memdumps, click here to show them.