Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
a.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\JAVWK.bat
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\JAVWK.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\a.exe
|
"C:\Users\user\Desktop\a.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe
|
"C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe
|
"C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe
|
"C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\JAVWK.bat" "
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\reg.exe
|
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "sidebar" /t REG_SZ /d "C:\Users\user\AppData\Roaming\SystemWindows\WindowsService.exe"
/f
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
sidebar
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
63C000
|
heap
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
4A8000
|
heap
|
page read and write
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
2A20000
|
heap
|
page read and write
|
||
|
2040000
|
trusted library allocation
|
page execute read
|
||
|
2A29000
|
heap
|
page read and write
|
||
|
20FE000
|
stack
|
page read and write
|
||
|
20FE000
|
stack
|
page read and write
|
||
|
2E1F000
|
stack
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
2200000
|
heap
|
page read and write
|
||
|
2E2F000
|
stack
|
page read and write
|
||
|
21F6000
|
heap
|
page read and write
|
||
|
2170000
|
heap
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
2B59000
|
heap
|
page read and write
|
||
|
405000
|
unkown
|
page read and write
|
||
|
406000
|
unkown
|
page readonly
|
||
|
98F000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
556000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
213E000
|
stack
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
57D000
|
stack
|
page read and write
|
||
|
406000
|
unkown
|
page readonly
|
||
|
406000
|
unkown
|
page readonly
|
||
|
410000
|
heap
|
page read and write
|
||
|
505000
|
heap
|
page read and write
|
||
|
21B0000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
2E4F000
|
stack
|
page read and write
|
||
|
94E000
|
stack
|
page read and write
|
||
|
4AE000
|
heap
|
page read and write
|
||
|
405000
|
unkown
|
page read and write
|
||
|
4BC000
|
heap
|
page read and write
|
||
|
405000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2BE0000
|
heap
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
406000
|
unkown
|
page readonly
|
||
|
19B000
|
stack
|
page read and write
|
||
|
20A9000
|
heap
|
page read and write
|
||
|
502000
|
heap
|
page read and write
|
||
|
215E000
|
stack
|
page read and write
|
||
|
2180000
|
trusted library allocation
|
page read and write
|
||
|
2090000
|
heap
|
page read and write
|
||
|
22B0000
|
heap
|
page read and write
|
||
|
9CE000
|
stack
|
page read and write
|
||
|
406000
|
unkown
|
page readonly
|
||
|
23CE000
|
stack
|
page read and write
|
||
|
2170000
|
heap
|
page read and write
|
||
|
2260000
|
trusted library allocation
|
page read and write
|
||
|
2070000
|
heap
|
page read and write
|
||
|
59C000
|
heap
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
628000
|
heap
|
page read and write
|
||
|
21C4000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
51A000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
30EF000
|
stack
|
page read and write
|
||
|
5A0000
|
trusted library allocation
|
page execute read
|
||
|
7CF000
|
stack
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
2FEE000
|
stack
|
page read and write
|
||
|
2045000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
2F4F000
|
stack
|
page read and write
|
||
|
2090000
|
heap
|
page read and write
|
||
|
29A0000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
238E000
|
stack
|
page read and write
|
||
|
533000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5D9000
|
heap
|
page read and write
|
||
|
2255000
|
heap
|
page read and write
|
||
|
A0F000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
336F000
|
stack
|
page read and write
|
||
|
326E000
|
stack
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
2B50000
|
heap
|
page read and write
|
||
|
2C14000
|
heap
|
page read and write
|
||
|
5BD000
|
stack
|
page read and write
|
||
|
405000
|
unkown
|
page read and write
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
2A00000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
20A0000
|
heap
|
page read and write
|
||
|
23E0000
|
trusted library allocation
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
22B5000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2120000
|
heap
|
page read and write
|
||
|
2040000
|
heap
|
page read and write
|
||
|
2B30000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
671000
|
heap
|
page read and write
|
||
|
406000
|
unkown
|
page readonly
|
||
|
46E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
2174000
|
heap
|
page read and write
|
||
|
22C0000
|
trusted library allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
2080000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2FAF000
|
stack
|
page read and write
|
||
|
4AA000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
A68000
|
heap
|
page read and write
|
||
|
406000
|
unkown
|
page readonly
|
||
|
28C0000
|
heap
|
page read and write
|
||
|
20D4000
|
heap
|
page read and write
|
||
|
20A0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
51E000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
500000
|
heap
|
page read and write
|
||
|
213E000
|
stack
|
page read and write
|
||
|
2070000
|
heap
|
page read and write
|
||
|
80E000
|
stack
|
page read and write
|
||
|
4F1000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
20D0000
|
heap
|
page read and write
|
||
|
2D2F000
|
stack
|
page read and write
|
||
|
2AB0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
580000
|
heap
|
page read and write
|
||
|
23D0000
|
heap
|
page read and write
|
||
|
2D4F000
|
stack
|
page read and write
|
||
|
59C000
|
heap
|
page read and write
|
||
|
4C4000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
A10000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2170000
|
heap
|
page read and write
|
||
|
406000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
9A000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2050000
|
trusted library allocation
|
page execute read
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
587000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
211E000
|
stack
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
5C0000
|
trusted library allocation
|
page execute read
|
There are 155 hidden memdumps, click here to show them.