Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
sbuvJk8Zn8.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\sbuvJk8Zn8.exe.log
|
CSV text
|
modified
|
|
|
|
C:\Users\user\AppData\Roaming\XenoManager\sbuvJk8Zn8.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\XenoManager\sbuvJk8Zn8.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\0554brsm.scd
|
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4,
UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\2kpofmcl.euu
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 4
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\dshnpapp.zb0
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8,
version-valid-for 11
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\fkqsh3fn.jdr
|
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4,
UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ght5z2pd.jfv
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\l4bvddre.tkw
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie
0x24, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\rsmtai3e.klh
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\xvu3kzsi.rmq
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\znhngz5e.cyk
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 4
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\sbuvJk8Zn8.exe
|
"C:\Users\user\Desktop\sbuvJk8Zn8.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\XenoManager\sbuvJk8Zn8.exe
|
"C:\Users\user\AppData\Roaming\XenoManager\sbuvJk8Zn8.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
2.58.85.196
|
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
There are 5 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
171.39.242.20.in-addr.arpa
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
2.58.85.196
|
unknown
|
Lithuania
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2EA1000
|
trusted library allocation
|
page read and write
|
|
|
|
432000
|
unkown
|
page readonly
|
|
|
|
62F0000
|
trusted library section
|
page read and write
|
|
|
|
65E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E80000
|
trusted library allocation
|
page read and write
|
||
|
643F000
|
trusted library allocation
|
page read and write
|
||
|
78C1000
|
trusted library allocation
|
page read and write
|
||
|
3019000
|
trusted library allocation
|
page read and write
|
||
|
2E70000
|
heap
|
page execute and read and write
|
||
|
519E000
|
stack
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
7860000
|
trusted library allocation
|
page read and write
|
||
|
6A20000
|
trusted library allocation
|
page read and write
|
||
|
3116000
|
trusted library allocation
|
page read and write
|
||
|
644A000
|
trusted library allocation
|
page read and write
|
||
|
6C25000
|
trusted library allocation
|
page read and write
|
||
|
10D0000
|
trusted library allocation
|
page read and write
|
||
|
12E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
8C5000
|
heap
|
page read and write
|
||
|
D67000
|
trusted library allocation
|
page execute and read and write
|
||
|
10D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
6028000
|
heap
|
page read and write
|
||
|
1161000
|
heap
|
page read and write
|
||
|
43E000
|
unkown
|
page readonly
|
||
|
25C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
97C000
|
heap
|
page read and write
|
||
|
3EB3000
|
trusted library allocation
|
page read and write
|
||
|
2720000
|
heap
|
page execute and read and write
|
||
|
945000
|
heap
|
page read and write
|
||
|
2C9F000
|
stack
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
913000
|
heap
|
page read and write
|
||
|
61EE000
|
stack
|
page read and write
|
||
|
6438000
|
trusted library allocation
|
page read and write
|
||
|
1358000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
7826000
|
trusted library allocation
|
page read and write
|
||
|
4F1E000
|
stack
|
page read and write
|
||
|
6830000
|
trusted library allocation
|
page execute and read and write
|
||
|
3EB1000
|
trusted library allocation
|
page read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
6C11000
|
trusted library allocation
|
page read and write
|
||
|
3067000
|
trusted library allocation
|
page read and write
|
||
|
3F0A000
|
trusted library allocation
|
page read and write
|
||
|
6A10000
|
heap
|
page read and write
|
||
|
5FDE000
|
heap
|
page read and write
|
||
|
616B000
|
stack
|
page read and write
|
||
|
2731000
|
trusted library allocation
|
page read and write
|
||
|
5E70000
|
heap
|
page read and write
|
||
|
2CDC000
|
stack
|
page read and write
|
||
|
25F0000
|
heap
|
page execute and read and write
|
||
|
97E000
|
heap
|
page read and write
|
||
|
89E000
|
stack
|
page read and write
|
||
|
555B000
|
stack
|
page read and write
|
||
|
97A000
|
heap
|
page read and write
|
||
|
D59000
|
stack
|
page read and write
|
||
|
10EE000
|
heap
|
page read and write
|
||
|
6990000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
6500000
|
trusted library allocation
|
page read and write
|
||
|
3059000
|
trusted library allocation
|
page read and write
|
||
|
2CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
64D0000
|
trusted library allocation
|
page read and write
|
||
|
782E000
|
trusted library allocation
|
page read and write
|
||
|
563E000
|
stack
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
62EF000
|
stack
|
page read and write
|
||
|
5D9000
|
stack
|
page read and write
|
||
|
3F27000
|
trusted library allocation
|
page read and write
|
||
|
5E6A000
|
stack
|
page read and write
|
||
|
F97000
|
heap
|
page read and write
|
||
|
541E000
|
stack
|
page read and write
|
||
|
12E2000
|
trusted library allocation
|
page read and write
|
||
|
EED000
|
stack
|
page read and write
|
||
|
3F20000
|
trusted library allocation
|
page read and write
|
||
|
8DE000
|
heap
|
page read and write
|
||
|
784D000
|
trusted library allocation
|
page read and write
|
||
|
D2E000
|
stack
|
page read and write
|
||
|
13F7000
|
heap
|
page read and write
|
||
|
7820000
|
trusted library allocation
|
page read and write
|
||
|
7846000
|
trusted library allocation
|
page read and write
|
||
|
11B5000
|
heap
|
page read and write
|
||
|
6C40000
|
trusted library allocation
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
6512000
|
trusted library allocation
|
page read and write
|
||
|
771A000
|
stack
|
page read and write
|
||
|
6510000
|
trusted library allocation
|
page read and write
|
||
|
7841000
|
trusted library allocation
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
30AE000
|
trusted library allocation
|
page read and write
|
||
|
5ACF000
|
stack
|
page read and write
|
||
|
6422000
|
trusted library allocation
|
page read and write
|
||
|
57F0000
|
trusted library allocation
|
page read and write
|
||
|
6445000
|
trusted library allocation
|
page read and write
|
||
|
5C8C000
|
stack
|
page read and write
|
||
|
EF5000
|
heap
|
page read and write
|
||
|
515F000
|
stack
|
page read and write
|
||
|
6C29000
|
trusted library allocation
|
page read and write
|
||
|
782B000
|
trusted library allocation
|
page read and write
|
||
|
6C50000
|
trusted library allocation
|
page read and write
|
||
|
12DF000
|
stack
|
page read and write
|
||
|
598C000
|
stack
|
page read and write
|
||
|
6468000
|
trusted library allocation
|
page read and write
|
||
|
F3E000
|
stack
|
page read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
850000
|
heap
|
page read and write
|
||
|
8F9000
|
heap
|
page read and write
|
||
|
52DE000
|
stack
|
page read and write
|
||
|
63F0000
|
trusted library allocation
|
page read and write
|
||
|
541B000
|
stack
|
page read and write
|
||
|
10CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6429000
|
trusted library allocation
|
page read and write
|
||
|
63F3000
|
trusted library allocation
|
page read and write
|
||
|
3EAB000
|
trusted library allocation
|
page read and write
|
||
|
7880000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DFD000
|
stack
|
page read and write
|
||
|
65D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
918000
|
heap
|
page read and write
|
||
|
694B000
|
stack
|
page read and write
|
||
|
565C000
|
stack
|
page read and write
|
||
|
271E000
|
stack
|
page read and write
|
||
|
D34000
|
trusted library allocation
|
page read and write
|
||
|
1195000
|
heap
|
page read and write
|
||
|
6022000
|
heap
|
page read and write
|
||
|
67C0000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
5A8C000
|
stack
|
page read and write
|
||
|
2CF0000
|
heap
|
page read and write
|
||
|
6C17000
|
trusted library allocation
|
page read and write
|
||
|
C2F000
|
stack
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
6460000
|
trusted library allocation
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
6400000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
trusted library allocation
|
page read and write
|
||
|
4DC000
|
stack
|
page read and write
|
||
|
783E000
|
trusted library allocation
|
page read and write
|
||
|
5FB4000
|
heap
|
page read and write
|
||
|
10D2000
|
trusted library allocation
|
page read and write
|
||
|
2610000
|
heap
|
page read and write
|
||
|
12EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
577A000
|
stack
|
page read and write
|
||
|
6C21000
|
trusted library allocation
|
page read and write
|
||
|
8FE000
|
heap
|
page read and write
|
||
|
551E000
|
stack
|
page read and write
|
||
|
7AC0000
|
heap
|
page read and write
|
||
|
6425000
|
trusted library allocation
|
page read and write
|
||
|
6520000
|
trusted library allocation
|
page read and write
|
||
|
5D6C000
|
stack
|
page read and write
|
||
|
644F000
|
trusted library allocation
|
page read and write
|
||
|
3731000
|
trusted library allocation
|
page read and write
|
||
|
109C000
|
stack
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
11D7000
|
heap
|
page read and write
|
||
|
3378000
|
trusted library allocation
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
63F6000
|
trusted library allocation
|
page read and write
|
||
|
55FD000
|
stack
|
page read and write
|
||
|
10DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
3136000
|
trusted library allocation
|
page read and write
|
||
|
3422000
|
trusted library allocation
|
page read and write
|
||
|
6410000
|
trusted library allocation
|
page execute and read and write
|
||
|
7818000
|
stack
|
page read and write
|
||
|
10EA000
|
heap
|
page read and write
|
||
|
6008000
|
heap
|
page read and write
|
||
|
5D10000
|
trusted library allocation
|
page read and write
|
||
|
EF9000
|
heap
|
page read and write
|
||
|
10B4000
|
trusted library allocation
|
page read and write
|
||
|
78B0000
|
heap
|
page read and write
|
||
|
FFC20000
|
trusted library allocation
|
page execute and read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
25D0000
|
trusted library allocation
|
page read and write
|
||
|
5F70000
|
heap
|
page read and write
|
||
|
601F000
|
heap
|
page read and write
|
||
|
D80000
|
trusted library allocation
|
page read and write
|
||
|
48CD000
|
stack
|
page read and write
|
||
|
2E10000
|
trusted library allocation
|
page read and write
|
||
|
57E0000
|
trusted library allocation
|
page read and write
|
||
|
3254000
|
trusted library allocation
|
page read and write
|
||
|
64C0000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
D40000
|
trusted library allocation
|
page read and write
|
||
|
6530000
|
trusted library allocation
|
page execute and read and write
|
||
|
11B3000
|
heap
|
page read and write
|
||
|
2F2F000
|
trusted library allocation
|
page read and write
|
||
|
783A000
|
trusted library allocation
|
page read and write
|
||
|
3262000
|
trusted library allocation
|
page read and write
|
||
|
529E000
|
stack
|
page read and write
|
||
|
7B10000
|
heap
|
page read and write
|
||
|
B10000
|
trusted library allocation
|
page read and write
|
||
|
65C0000
|
trusted library allocation
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
301D000
|
trusted library allocation
|
page read and write
|
||
|
1122000
|
heap
|
page read and write
|
||
|
67F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
10B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6C60000
|
trusted library allocation
|
page read and write
|
||
|
567C000
|
stack
|
page read and write
|
||
|
6C30000
|
trusted library allocation
|
page execute and read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
2F40000
|
trusted library allocation
|
page read and write
|
||
|
6454000
|
trusted library allocation
|
page read and write
|
||
|
7220000
|
trusted library section
|
page read and write
|
||
|
52DE000
|
stack
|
page read and write
|
||
|
3F10000
|
trusted library allocation
|
page read and write
|
||
|
5C4C000
|
stack
|
page read and write
|
||
|
1185000
|
heap
|
page read and write
|
||
|
134E000
|
stack
|
page read and write
|
||
|
3318000
|
trusted library allocation
|
page read and write
|
||
|
584C000
|
stack
|
page read and write
|
||
|
6450000
|
trusted library allocation
|
page read and write
|
||
|
D44000
|
trusted library allocation
|
page read and write
|
||
|
906000
|
heap
|
page read and write
|
||
|
7890000
|
trusted library allocation
|
page read and write
|
||
|
5780000
|
trusted library section
|
page read and write
|
||
|
3EA1000
|
trusted library allocation
|
page read and write
|
||
|
53DE000
|
stack
|
page read and write
|
||
|
1199000
|
heap
|
page read and write
|
||
|
D6B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3190000
|
trusted library allocation
|
page read and write
|
||
|
531E000
|
stack
|
page read and write
|
||
|
430000
|
unkown
|
page readonly
|
||
|
C5C000
|
stack
|
page read and write
|
||
|
6820000
|
trusted library allocation
|
page read and write
|
||
|
2E00000
|
trusted library allocation
|
page read and write
|
||
|
D33000
|
trusted library allocation
|
page execute and read and write
|
||
|
7824000
|
trusted library allocation
|
page read and write
|
||
|
3416000
|
trusted library allocation
|
page read and write
|
||
|
6034000
|
heap
|
page read and write
|
||
|
7B13000
|
heap
|
page read and write
|
||
|
6840000
|
heap
|
page read and write
|
||
|
25BD000
|
stack
|
page read and write
|
||
|
57D0000
|
trusted library allocation
|
page read and write
|
||
|
57CE000
|
stack
|
page read and write
|
||
|
2E90000
|
heap
|
page execute and read and write
|
||
|
6C1B000
|
trusted library allocation
|
page read and write
|
||
|
643A000
|
trusted library allocation
|
page read and write
|
||
|
12E5000
|
trusted library allocation
|
page execute and read and write
|
||
|
594C000
|
stack
|
page read and write
|
||
|
6031000
|
heap
|
page read and write
|
||
|
501E000
|
stack
|
page read and write
|
||
|
8D8000
|
heap
|
page read and write
|
||
|
25E0000
|
trusted library allocation
|
page read and write
|
||
|
7832000
|
trusted library allocation
|
page read and write
|
||
|
6013000
|
heap
|
page read and write
|
||
|
6420000
|
trusted library allocation
|
page read and write
|
||
|
10BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
There are 242 hidden memdumps, click here to show them.