Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ZipThis.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
||
|
C:\Program Files\ZipThis\zipthisUserId.txt
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\SMCR\userId.txt
|
ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ZipThis.exe
|
"C:\Users\user\Desktop\ZipThis.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.indiantypefoundry.com
|
unknown
|
||
|
https://www.zipthisapp.com/legal
|
unknown
|
||
|
https://www.zipthisapp.com/see-you-later
|
unknown
|
||
|
https://can.thisilient.com/r
|
unknown
|
||
|
https://www.zipthisapp.com/legal?
|
unknown
|
||
|
https://visit.keyguardai.com/click?pid=496&offer_id=14039178
|
unknown
|
||
|
http://www.colophon-foundry.org
|
unknown
|
||
|
https://github.com/rsms/inter)
|
unknown
|
||
|
https://apb.thisilient.com/v6
|
45.33.84.9
|
||
|
http://scripts.sil.org/OFLhttps://rsms.me/Rasmus
|
unknown
|
||
|
https://www.zipthisapp.com/policy
|
unknown
|
||
|
https://key-guard.io/terms-of-use?
|
unknown
|
||
|
http://scripts.sil.org/OFLhttps://www.indiantypefoundry.comhttp://www.colophon-foundry.orgColophon
|
unknown
|
||
|
https://www.zipthisapp.com/policy?
|
unknown
|
||
|
http://scripts.sil.org/OFL
|
unknown
|
||
|
https://apb.thisilient.com/v6h
|
unknown
|
||
|
https://rsms.me/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://apb.thisilient.com
|
unknown
|
||
|
http://scripts.sil.org/OFLThis
|
unknown
|
||
|
http://scripts.sil.org/OFLital
|
unknown
|
||
|
https://www.zipthisapp.com/success?u=wSoftware
|
unknown
|
||
|
https://key-guard.io/privacy-policy?
|
unknown
|
There are 13 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
apb.thisilient.com
|
45.33.84.9
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.33.84.9
|
apb.thisilient.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZipThis_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZipThis_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZipThis_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZipThis_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZipThis_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZipThis_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZipThis_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZipThis_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZipThis_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZipThis_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZipThis_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZipThis_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZipThis_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ZipThis_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFD9B60C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECBBC000
|
heap
|
page read and write
|
||
|
9D333FE000
|
stack
|
page read and write
|
||
|
1A9ECFC0000
|
heap
|
page read and write
|
||
|
1A9ECF7E000
|
heap
|
page read and write
|
||
|
1A9F071D000
|
heap
|
page read and write
|
||
|
7FF40D183000
|
trusted library allocation
|
page execute read
|
||
|
1A9EA89C000
|
heap
|
page read and write
|
||
|
1A9ED060000
|
trusted library section
|
page readonly
|
||
|
1A9ECB7B000
|
heap
|
page read and write
|
||
|
1A9F0715000
|
heap
|
page read and write
|
||
|
1A9F0631000
|
heap
|
page read and write
|
||
|
7FFD9B5D4000
|
trusted library allocation
|
page read and write
|
||
|
1A9F1680000
|
trusted library allocation
|
page read and write
|
||
|
7FF40D184000
|
trusted library allocation
|
page readonly
|
||
|
1A9EC220000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B696000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9ECC10000
|
heap
|
page read and write
|
||
|
7FF40D196000
|
trusted library allocation
|
page readonly
|
||
|
1A9ECC2D000
|
heap
|
page read and write
|
||
|
1A9F05FB000
|
heap
|
page read and write
|
||
|
1A9F070D000
|
heap
|
page read and write
|
||
|
7FFD9B7D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E5000
|
trusted library allocation
|
page read and write
|
||
|
1A9ED037000
|
heap
|
page read and write
|
||
|
1A9EC270000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B860000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECBB1000
|
heap
|
page read and write
|
||
|
1A9F067A000
|
heap
|
page read and write
|
||
|
1A9EA730000
|
heap
|
page read and write
|
||
|
1A9ECC20000
|
heap
|
page read and write
|
||
|
7FFD9B660000
|
trusted library allocation
|
page read and write
|
||
|
7FF40D19D000
|
trusted library allocation
|
page execute read
|
||
|
7FFD9B759000
|
trusted library allocation
|
page read and write
|
||
|
1A98050E000
|
trusted library allocation
|
page read and write
|
||
|
1A9ED170000
|
trusted library allocation
|
page read and write
|
||
|
1A9EC900000
|
heap
|
page execute and read and write
|
||
|
1A9ED03B000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
1A9F0588000
|
heap
|
page read and write
|
||
|
1A9ECEA0000
|
heap
|
page read and write
|
||
|
1A9ECBA2000
|
heap
|
page read and write
|
||
|
1A9EA710000
|
heap
|
page read and write
|
||
|
1A9ECF37000
|
heap
|
page read and write
|
||
|
7FFD9B5DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9ECC5D000
|
heap
|
page read and write
|
||
|
1A9ECB54000
|
heap
|
page read and write
|
||
|
1A9ECC08000
|
heap
|
page read and write
|
||
|
7FFD9B666000
|
trusted library allocation
|
page read and write
|
||
|
9D347F4000
|
stack
|
page read and write
|
||
|
1A9EA2F2000
|
unkown
|
page readonly
|
||
|
1A9EA630000
|
heap
|
page read and write
|
||
|
1A9ECC0D000
|
heap
|
page read and write
|
||
|
1A9EC0E0000
|
heap
|
page execute and read and write
|
||
|
1A980474000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page read and write
|
||
|
1A9F0A54000
|
trusted library allocation
|
page read and write
|
||
|
9D367FB000
|
stack
|
page read and write
|
||
|
7FFD9B814000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECB1E000
|
heap
|
page read and write
|
||
|
7FFD9B5B0000
|
trusted library allocation
|
page read and write
|
||
|
1A9807CD000
|
trusted library allocation
|
page read and write
|
||
|
1A9EA7A9000
|
heap
|
page read and write
|
||
|
1A9EA7BC000
|
heap
|
page read and write
|
||
|
1A9ED034000
|
heap
|
page read and write
|
||
|
7FFD9B5B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
9D33FFE000
|
stack
|
page read and write
|
||
|
1A9F067D000
|
heap
|
page read and write
|
||
|
7FF40D19E000
|
trusted library allocation
|
page readonly
|
||
|
9D32FF3000
|
stack
|
page read and write
|
||
|
1A9F0489000
|
heap
|
page read and write
|
||
|
1A9EC090000
|
trusted library allocation
|
page read and write
|
||
|
7FF40D192000
|
trusted library allocation
|
page readonly
|
||
|
1A9EC0F3000
|
heap
|
page read and write
|
||
|
1A9EA7DC000
|
heap
|
page read and write
|
||
|
7FF40D193000
|
trusted library allocation
|
page execute read
|
||
|
7FF40D195000
|
trusted library allocation
|
page execute read
|
||
|
1A9EA795000
|
heap
|
page read and write
|
||
|
1A9801A5000
|
trusted library allocation
|
page read and write
|
||
|
1A9F07E6000
|
heap
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B796000
|
trusted library allocation
|
page read and write
|
||
|
7FF40D187000
|
trusted library allocation
|
page execute read
|
||
|
7FFD9B7BD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECBAD000
|
heap
|
page read and write
|
||
|
1A9F0A72000
|
trusted library allocation
|
page read and write
|
||
|
1A9F0658000
|
heap
|
page read and write
|
||
|
7FFD9B5D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page read and write
|
||
|
1A98060C000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECBCC000
|
heap
|
page read and write
|
||
|
1A9ECB10000
|
heap
|
page read and write
|
||
|
1A9F06C2000
|
heap
|
page read and write
|
||
|
1A9ECE60000
|
heap
|
page read and write
|
||
|
1A9ECB96000
|
heap
|
page read and write
|
||
|
1A9ECF14000
|
heap
|
page read and write
|
||
|
1A9F1660000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
1A9EA80A000
|
heap
|
page read and write
|
||
|
1A9ECB1A000
|
heap
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A98069C000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECC06000
|
heap
|
page read and write
|
||
|
7FFD9B5BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B82A000
|
trusted library allocation
|
page read and write
|
||
|
1A9F0E50000
|
trusted library allocation
|
page read and write
|
||
|
7FF40D181000
|
trusted library allocation
|
page execute read
|
||
|
7FF40D197000
|
trusted library allocation
|
page execute read
|
||
|
7FFD9B5CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9EA790000
|
heap
|
page read and write
|
||
|
7FFD9B750000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7DA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7EF000
|
trusted library allocation
|
page read and write
|
||
|
1A9EAA35000
|
heap
|
page read and write
|
||
|
7FFD9B848000
|
trusted library allocation
|
page read and write
|
||
|
7FF40D185000
|
trusted library allocation
|
page execute read
|
||
|
1A9ED200000
|
trusted library allocation
|
page read and write
|
||
|
1A980001000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECBFE000
|
heap
|
page read and write
|
||
|
1A9EC953000
|
heap
|
page read and write
|
||
|
1A980613000
|
trusted library allocation
|
page read and write
|
||
|
7FF40D1A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B762000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B835000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECBDA000
|
heap
|
page read and write
|
||
|
1A9F0553000
|
heap
|
page read and write
|
||
|
7FFD9B818000
|
trusted library allocation
|
page read and write
|
||
|
9D36FFB000
|
stack
|
page read and write
|
||
|
1A9801A3000
|
trusted library allocation
|
page read and write
|
||
|
1A9F0719000
|
heap
|
page read and write
|
||
|
7FF40D182000
|
trusted library allocation
|
page readonly
|
||
|
7FFD9B798000
|
trusted library allocation
|
page read and write
|
||
|
1A9F05E7000
|
heap
|
page read and write
|
||
|
1A9ECA80000
|
trusted library allocation
|
page read and write
|
||
|
1A990001000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B6D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9ED070000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9F04D5000
|
heap
|
page read and write
|
||
|
1A9ECB28000
|
heap
|
page read and write
|
||
|
1A9ECB24000
|
heap
|
page read and write
|
||
|
7FFD9B670000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A9806EE000
|
trusted library allocation
|
page read and write
|
||
|
1A9ED180000
|
trusted library allocation
|
page read and write
|
||
|
1A9F0470000
|
heap
|
page read and write
|
||
|
9D3290F000
|
stack
|
page read and write
|
||
|
9D363FB000
|
stack
|
page read and write
|
||
|
1A9F0502000
|
heap
|
page read and write
|
||
|
7FFD9B7F3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5B2000
|
trusted library allocation
|
page read and write
|
||
|
1A9EA7A0000
|
heap
|
page read and write
|
||
|
9D35FFF000
|
stack
|
page read and write
|
||
|
9D353FB000
|
stack
|
page read and write
|
||
|
7FFD9B8A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF40D19C000
|
trusted library allocation
|
page readonly
|
||
|
1A9ECB73000
|
heap
|
page read and write
|
||
|
1A9ECB9D000
|
heap
|
page read and write
|
||
|
7FFD9B5C3000
|
trusted library allocation
|
page read and write
|
||
|
1A980366000
|
trusted library allocation
|
page read and write
|
||
|
1A9F0484000
|
heap
|
page read and write
|
||
|
9D37FFF000
|
stack
|
page read and write
|
||
|
1A9EC060000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECE6F000
|
heap
|
page read and write
|
||
|
9D35BFD000
|
stack
|
page read and write
|
||
|
1A9EC230000
|
heap
|
page read and write
|
||
|
1A9F0603000
|
heap
|
page read and write
|
||
|
1A9ECE8B000
|
heap
|
page read and write
|
||
|
7FFD9B7FA000
|
trusted library allocation
|
page read and write
|
||
|
1A9F06BD000
|
heap
|
page read and write
|
||
|
1A9ECA90000
|
heap
|
page execute and read and write
|
||
|
1A9ECF1F000
|
heap
|
page read and write
|
||
|
7FFD9B7B7000
|
trusted library allocation
|
page read and write
|
||
|
1A9EA893000
|
heap
|
page read and write
|
||
|
1A9F1650000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECB6F000
|
heap
|
page read and write
|
||
|
1A9ECFBB000
|
heap
|
page read and write
|
||
|
1A9ECB2E000
|
heap
|
page read and write
|
||
|
9D343FC000
|
stack
|
page read and write
|
||
|
7FF40D191000
|
trusted library allocation
|
page execute read
|
||
|
1A9F04A0000
|
heap
|
page read and write
|
||
|
1A9F04E3000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECBC7000
|
heap
|
page read and write
|
||
|
1A98058D000
|
trusted library allocation
|
page read and write
|
||
|
1A9F050C000
|
heap
|
page read and write
|
||
|
1A9ECC36000
|
heap
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7E0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B83F000
|
trusted library allocation
|
page read and write
|
||
|
1A9F26A0000
|
heap
|
page read and write
|
||
|
1A9F071B000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECB57000
|
heap
|
page read and write
|
||
|
1A9801B6000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECBF7000
|
heap
|
page read and write
|
||
|
7FFD9B66C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF40D19F000
|
trusted library allocation
|
page execute read
|
||
|
1A9F049E000
|
heap
|
page read and write
|
||
|
1A9ECFFF000
|
heap
|
page read and write
|
||
|
1A9802F9000
|
trusted library allocation
|
page read and write
|
||
|
1A9803F2000
|
trusted library allocation
|
page read and write
|
||
|
1A9EC093000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5B4000
|
trusted library allocation
|
page read and write
|
||
|
1A9EA7DF000
|
heap
|
page read and write
|
||
|
1A9F05F6000
|
heap
|
page read and write
|
||
|
1A9F1670000
|
trusted library allocation
|
page read and write
|
||
|
1A9ED044000
|
heap
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page read and write
|
||
|
1A9F0504000
|
heap
|
page read and write
|
||
|
1A9F16B0000
|
trusted library allocation
|
page read and write
|
||
|
1A9EAA30000
|
heap
|
page read and write
|
||
|
7FFD9B7C4000
|
trusted library allocation
|
page read and write
|
||
|
1A9EA2F0000
|
unkown
|
page readonly
|
||
|
1A98021E000
|
trusted library allocation
|
page read and write
|
||
|
9D357FB000
|
stack
|
page read and write
|
||
|
1A9ECF07000
|
heap
|
page read and write
|
||
|
7FFD9B7EA000
|
trusted library allocation
|
page read and write
|
||
|
7FF40D180000
|
trusted library allocation
|
page readonly
|
||
|
9D328CE000
|
stack
|
page read and write
|
||
|
1A9ECB9A000
|
heap
|
page read and write
|
||
|
1A98064A000
|
trusted library allocation
|
page read and write
|
||
|
1A9EC200000
|
heap
|
page read and write
|
||
|
1A9EC080000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECFCA000
|
heap
|
page read and write
|
||
|
7FF40D194000
|
trusted library allocation
|
page readonly
|
||
|
1A980604000
|
trusted library allocation
|
page read and write
|
||
|
1A980744000
|
trusted library allocation
|
page read and write
|
||
|
1A9EA750000
|
heap
|
page read and write
|
||
|
1A9ECFC3000
|
heap
|
page read and write
|
||
|
1A9F0664000
|
heap
|
page read and write
|
||
|
1A980198000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECA93000
|
heap
|
page execute and read and write
|
||
|
1A9801B2000
|
trusted library allocation
|
page read and write
|
||
|
1A9F1690000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECBC0000
|
heap
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page read and write
|
||
|
1A9ECED5000
|
heap
|
page read and write
|
||
|
1A9EC950000
|
heap
|
page read and write
|
||
|
7FFD9B7E3000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5C0000
|
trusted library allocation
|
page read and write
|
||
|
7FF40D186000
|
trusted library allocation
|
page readonly
|
There are 236 hidden memdumps, click here to show them.