Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\17271537053ca49cf970bc914dfc18e987727639e68cac8cdbaf5596d2540364fa99c47e76618.dat-decoded.exe
|
"C:\Users\user\Desktop\17271537053ca49cf970bc914dfc18e987727639e68cac8cdbaf5596d2540364fa99c47e76618.dat-decoded.exe"
|
 |
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
michael2009nj.duckdns.org
|
186.169.89.218
|
|
|
|
198.187.3.20.in-addr.arpa
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
186.169.89.218
|
michael2009nj.duckdns.org
|
Colombia
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER
|
di
|
||
|
HKEY_CURRENT_USER\SOFTWARE\bf4e531b630e4de6ab2
|
[kl]
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E22000
|
unkown
|
page readonly
|
|
|
|
56C0000
|
trusted library allocation
|
page read and write
|
||
|
180E000
|
stack
|
page read and write
|
||
|
133E000
|
stack
|
page read and write
|
||
|
EBA000
|
stack
|
page read and write
|
||
|
12F0000
|
heap
|
page read and write
|
||
|
13FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
14B1000
|
heap
|
page read and write
|
||
|
1517000
|
heap
|
page read and write
|
||
|
1700000
|
heap
|
page read and write
|
||
|
5740000
|
heap
|
page read and write
|
||
|
142A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4451000
|
trusted library allocation
|
page read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
1526000
|
heap
|
page read and write
|
||
|
567C000
|
stack
|
page read and write
|
||
|
147B000
|
heap
|
page read and write
|
||
|
16B0000
|
heap
|
page read and write
|
||
|
5D50000
|
heap
|
page read and write
|
||
|
5DB0000
|
heap
|
page read and write
|
||
|
56BB000
|
stack
|
page read and write
|
||
|
570C000
|
stack
|
page read and write
|
||
|
594F000
|
stack
|
page read and write
|
||
|
1410000
|
trusted library allocation
|
page read and write
|
||
|
1402000
|
trusted library allocation
|
page execute and read and write
|
||
|
55EE000
|
stack
|
page read and write
|
||
|
FB9000
|
stack
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
34F0000
|
trusted library allocation
|
page read and write
|
||
|
16E0000
|
trusted library allocation
|
page read and write
|
||
|
5710000
|
trusted library allocation
|
page read and write
|
||
|
1422000
|
trusted library allocation
|
page execute and read and write
|
||
|
13F2000
|
trusted library allocation
|
page execute and read and write
|
||
|
1376000
|
heap
|
page read and write
|
||
|
7F0C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E20000
|
unkown
|
page readonly
|
||
|
147E000
|
heap
|
page read and write
|
||
|
1417000
|
trusted library allocation
|
page execute and read and write
|
||
|
5743000
|
heap
|
page read and write
|
||
|
166E000
|
stack
|
page read and write
|
||
|
194C000
|
stack
|
page read and write
|
||
|
1432000
|
trusted library allocation
|
page read and write
|
||
|
16AE000
|
stack
|
page read and write
|
||
|
34A7000
|
trusted library allocation
|
page read and write
|
||
|
345E000
|
trusted library allocation
|
page read and write
|
||
|
1960000
|
heap
|
page execute and read and write
|
||
|
3483000
|
trusted library allocation
|
page read and write
|
||
|
34E5000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
trusted library allocation
|
page read and write
|
||
|
140A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13E8000
|
trusted library allocation
|
page read and write
|
||
|
5D40000
|
heap
|
page read and write
|
||
|
5720000
|
trusted library allocation
|
page execute and read and write
|
||
|
5789000
|
stack
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page read and write
|
||
|
34D0000
|
trusted library allocation
|
page read and write
|
||
|
3451000
|
trusted library allocation
|
page read and write
|
||
|
34CC000
|
trusted library allocation
|
page read and write
|
||
|
37EB000
|
trusted library allocation
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
598E000
|
stack
|
page read and write
|
||
|
141A000
|
trusted library allocation
|
page execute and read and write
|
||
|
57F0000
|
unclassified section
|
page read and write
|
||
|
5458000
|
trusted library allocation
|
page read and write
|
||
|
1346000
|
heap
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
16F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
14DC000
|
heap
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
13BE000
|
stack
|
page read and write
|
||
|
143B000
|
trusted library allocation
|
page execute and read and write
|
||
|
FB6000
|
stack
|
page read and write
|
||
|
3851000
|
trusted library allocation
|
page read and write
|
||
|
584E000
|
stack
|
page read and write
|
||
|
190E000
|
stack
|
page read and write
|
||
|
E28000
|
unkown
|
page readonly
|
||
|
5A8E000
|
stack
|
page read and write
|
||
|
1437000
|
trusted library allocation
|
page execute and read and write
|
||
|
1210000
|
heap
|
page read and write
|
There are 70 hidden memdumps, click here to show them.