Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
RanSomWarek.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RanSomWarek.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\RanSomWarek.exe
|
"C:\Users\user\Desktop\RanSomWarek.exe"
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
171.39.242.20.in-addr.arpa
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2ECE000
|
stack
|
page read and write
|
||
|
11F2000
|
heap
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
11B2000
|
heap
|
page read and write
|
||
|
11B6000
|
heap
|
page read and write
|
||
|
5BE0000
|
heap
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
1155000
|
heap
|
page read and write
|
||
|
5BF0000
|
heap
|
page read and write
|
||
|
553E000
|
trusted library allocation
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
168B000
|
trusted library allocation
|
page execute and read and write
|
||
|
167A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1650000
|
trusted library allocation
|
page read and write
|
||
|
552B000
|
trusted library allocation
|
page read and write
|
||
|
57C0000
|
trusted library allocation
|
page read and write
|
||
|
8725000
|
heap
|
page read and write
|
||
|
119B000
|
heap
|
page read and write
|
||
|
A39F000
|
stack
|
page read and write
|
||
|
10F7000
|
stack
|
page read and write
|
||
|
788E000
|
stack
|
page read and write
|
||
|
770E000
|
stack
|
page read and write
|
||
|
5C0D000
|
heap
|
page read and write
|
||
|
165D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BDE000
|
stack
|
page read and write
|
||
|
8721000
|
heap
|
page read and write
|
||
|
D50000
|
unkown
|
page readonly
|
||
|
1179000
|
heap
|
page read and write
|
||
|
57A0000
|
trusted library section
|
page read and write
|
||
|
1687000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EF0000
|
heap
|
page read and write
|
||
|
1676000
|
trusted library allocation
|
page execute and read and write
|
||
|
55E0000
|
heap
|
page read and write
|
||
|
3001000
|
trusted library allocation
|
page read and write
|
||
|
5D90000
|
trusted library allocation
|
page read and write
|
||
|
50DC000
|
stack
|
page read and write
|
||
|
554D000
|
trusted library allocation
|
page read and write
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
1670000
|
trusted library allocation
|
page read and write
|
||
|
5570000
|
trusted library allocation
|
page read and write
|
||
|
5940000
|
heap
|
page read and write
|
||
|
7EB0000
|
trusted library allocation
|
page read and write
|
||
|
1682000
|
trusted library allocation
|
page read and write
|
||
|
2EE0000
|
heap
|
page execute and read and write
|
||
|
11B8000
|
heap
|
page read and write
|
||
|
5640000
|
trusted library allocation
|
page execute and read and write
|
||
|
4001000
|
trusted library allocation
|
page read and write
|
||
|
7470000
|
trusted library allocation
|
page read and write
|
||
|
1653000
|
trusted library allocation
|
page execute and read and write
|
||
|
1204000
|
heap
|
page read and write
|
||
|
5580000
|
trusted library allocation
|
page execute and read and write
|
||
|
57E3000
|
heap
|
page execute and read and write
|
||
|
16B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D60000
|
heap
|
page execute and read and write
|
||
|
51DD000
|
stack
|
page read and write
|
||
|
11A5000
|
heap
|
page read and write
|
||
|
166D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D80000
|
trusted library allocation
|
page execute and read and write
|
||
|
5610000
|
trusted library allocation
|
page execute and read and write
|
||
|
7376000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
55E3000
|
heap
|
page read and write
|
||
|
117E000
|
heap
|
page read and write
|
||
|
1660000
|
trusted library allocation
|
page read and write
|
||
|
16C0000
|
trusted library allocation
|
page read and write
|
||
|
1197000
|
heap
|
page read and write
|
||
|
D52000
|
unkown
|
page readonly
|
||
|
151E000
|
stack
|
page read and write
|
||
|
59D0000
|
heap
|
page read and write
|
||
|
760E000
|
stack
|
page read and write
|
||
|
7480000
|
trusted library allocation
|
page execute and read and write
|
||
|
5948000
|
heap
|
page read and write
|
||
|
5920000
|
trusted library section
|
page readonly
|
||
|
568E000
|
stack
|
page read and write
|
||
|
1640000
|
trusted library allocation
|
page read and write
|
||
|
1680000
|
trusted library allocation
|
page read and write
|
||
|
1654000
|
trusted library allocation
|
page read and write
|
||
|
591B000
|
stack
|
page read and write
|
||
|
55F0000
|
trusted library allocation
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
124B000
|
heap
|
page read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
55B0000
|
trusted library allocation
|
page read and write
|
||
|
5560000
|
trusted library allocation
|
page read and write
|
||
|
74CE000
|
stack
|
page read and write
|
||
|
5546000
|
trusted library allocation
|
page read and write
|
||
|
8710000
|
heap
|
page read and write
|
||
|
4009000
|
trusted library allocation
|
page read and write
|
||
|
5BFB000
|
heap
|
page read and write
|
||
|
5C16000
|
heap
|
page read and write
|
||
|
16EA000
|
heap
|
page read and write
|
||
|
57E0000
|
heap
|
page execute and read and write
|
||
|
5930000
|
heap
|
page read and write
|
||
|
57D0000
|
trusted library allocation
|
page read and write
|
||
|
16A0000
|
trusted library allocation
|
page read and write
|
||
|
8753000
|
heap
|
page read and write
|
||
|
784E000
|
stack
|
page read and write
|
||
|
7A52000
|
trusted library allocation
|
page read and write
|
||
|
5ADE000
|
stack
|
page read and write
|
||
|
307C000
|
trusted library allocation
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
DF8000
|
stack
|
page read and write
|
||
|
D5E000
|
unkown
|
page readonly
|
||
|
7350000
|
heap
|
page read and write
|
||
|
5565000
|
trusted library allocation
|
page read and write
|
||
|
161F000
|
stack
|
page read and write
|
||
|
5630000
|
trusted library allocation
|
page read and write
|
||
|
5990000
|
trusted library allocation
|
page execute and read and write
|
||
|
5980000
|
heap
|
page read and write
|
||
|
16D0000
|
trusted library allocation
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
774E000
|
stack
|
page read and write
|
||
|
59C0000
|
trusted library allocation
|
page read and write
|
||
|
13DE000
|
stack
|
page read and write
|
||
|
75CE000
|
stack
|
page read and write
|
||
|
14DE000
|
stack
|
page read and write
|
||
|
5541000
|
trusted library allocation
|
page read and write
|
There are 109 hidden memdumps, click here to show them.