Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
It8DXmSFEk.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\It8DXmSFEk.exe
|
"C:\Users\user\Desktop\It8DXmSFEk.exe"
|
|
|
|
C:\Windows\System32\netsh.exe
|
netsh firewall add allowedprogram "C:\Users\user\Desktop\It8DXmSFEk.exe" "It8DXmSFEk.exe" ENABLE
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
19.ip.gl.ply.gg
|
147.185.221.19
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
147.185.221.19
|
19.ip.gl.ply.gg
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER
|
di
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1BE30000
|
trusted library section
|
page read and write
|
|
|
|
3551000
|
trusted library allocation
|
page read and write
|
|
|
|
186641C4000
|
heap
|
page read and write
|
||
|
186661ED000
|
heap
|
page read and write
|
||
|
2A000
|
trusted library allocation
|
page read and write
|
||
|
186641CC000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1866418C000
|
heap
|
page read and write
|
||
|
186641CC000
|
heap
|
page read and write
|
||
|
7FF848E30000
|
trusted library allocation
|
page read and write
|
||
|
186641CF000
|
heap
|
page read and write
|
||
|
18664126000
|
heap
|
page read and write
|
||
|
186641F2000
|
heap
|
page read and write
|
||
|
186641CC000
|
heap
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
186661DE000
|
heap
|
page read and write
|
||
|
186661D4000
|
heap
|
page read and write
|
||
|
2571CFE000
|
stack
|
page read and write
|
||
|
20000
|
trusted library allocation
|
page read and write
|
||
|
38A8000
|
trusted library allocation
|
page read and write
|
||
|
18664220000
|
heap
|
page read and write
|
||
|
186641CF000
|
heap
|
page read and write
|
||
|
14EE000
|
heap
|
page read and write
|
||
|
186661D6000
|
heap
|
page read and write
|
||
|
186641CE000
|
heap
|
page read and write
|
||
|
186641CC000
|
heap
|
page read and write
|
||
|
186661B4000
|
heap
|
page read and write
|
||
|
186661B8000
|
heap
|
page read and write
|
||
|
186641F2000
|
heap
|
page read and write
|
||
|
1695000
|
heap
|
page read and write
|
||
|
1866416D000
|
heap
|
page read and write
|
||
|
7FF848E40000
|
trusted library allocation
|
page read and write
|
||
|
3B90000
|
trusted library allocation
|
page read and write
|
||
|
1866417B000
|
heap
|
page read and write
|
||
|
1BEF3000
|
heap
|
page read and write
|
||
|
1866418C000
|
heap
|
page read and write
|
||
|
186661DA000
|
heap
|
page read and write
|
||
|
186641B5000
|
heap
|
page read and write
|
||
|
186661D5000
|
heap
|
page read and write
|
||
|
1415000
|
heap
|
page read and write
|
||
|
1A1E000
|
stack
|
page read and write
|
||
|
186641CC000
|
heap
|
page read and write
|
||
|
7FF848E46000
|
trusted library allocation
|
page read and write
|
||
|
186661DE000
|
heap
|
page read and write
|
||
|
1866415B000
|
heap
|
page read and write
|
||
|
18665D00000
|
heap
|
page read and write
|
||
|
186641B0000
|
heap
|
page read and write
|
||
|
186641B0000
|
heap
|
page read and write
|
||
|
186641B4000
|
heap
|
page read and write
|
||
|
186641D1000
|
heap
|
page read and write
|
||
|
186661E4000
|
heap
|
page read and write
|
||
|
18665C60000
|
heap
|
page read and write
|
||
|
1C428000
|
heap
|
page read and write
|
||
|
18664160000
|
heap
|
page read and write
|
||
|
186641D1000
|
heap
|
page read and write
|
||
|
186661B4000
|
heap
|
page read and write
|
||
|
186641BC000
|
heap
|
page read and write
|
||
|
186661B8000
|
heap
|
page read and write
|
||
|
18664164000
|
heap
|
page read and write
|
||
|
7FF848E22000
|
trusted library allocation
|
page execute and read and write
|
||
|
146B000
|
heap
|
page read and write
|
||
|
7FF848E53000
|
trusted library allocation
|
page execute and read and write
|
||
|
186641BF000
|
heap
|
page read and write
|
||
|
186641C9000
|
heap
|
page read and write
|
||
|
1C380000
|
heap
|
page read and write
|
||
|
18664109000
|
heap
|
page read and write
|
||
|
35BA000
|
trusted library allocation
|
page read and write
|
||
|
186661E0000
|
heap
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
18664176000
|
heap
|
page read and write
|
||
|
143C000
|
heap
|
page read and write
|
||
|
7FF848E2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
18664194000
|
heap
|
page read and write
|
||
|
1504000
|
heap
|
page read and write
|
||
|
186641FE000
|
heap
|
page read and write
|
||
|
145E000
|
heap
|
page read and write
|
||
|
186641CC000
|
heap
|
page read and write
|
||
|
1BC24000
|
heap
|
page read and write
|
||
|
1522000
|
heap
|
page read and write
|
||
|
1A63000
|
heap
|
page read and write
|
||
|
18664173000
|
heap
|
page read and write
|
||
|
1866416C000
|
heap
|
page read and write
|
||
|
18664165000
|
heap
|
page read and write
|
||
|
186661E1000
|
heap
|
page read and write
|
||
|
186661AA000
|
heap
|
page read and write
|
||
|
257175E000
|
stack
|
page read and write
|
||
|
1866416C000
|
heap
|
page read and write
|
||
|
7FF848EEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
186641B8000
|
heap
|
page read and write
|
||
|
186661B4000
|
heap
|
page read and write
|
||
|
1866417B000
|
heap
|
page read and write
|
||
|
186661A1000
|
heap
|
page read and write
|
||
|
186641F6000
|
heap
|
page read and write
|
||
|
1866414C000
|
heap
|
page read and write
|
||
|
186641C4000
|
heap
|
page read and write
|
||
|
186661A7000
|
heap
|
page read and write
|
||
|
1866418C000
|
heap
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
186661ED000
|
heap
|
page read and write
|
||
|
1866416A000
|
heap
|
page read and write
|
||
|
7FF848EFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
18666180000
|
heap
|
page read and write
|
||
|
1866418F000
|
heap
|
page read and write
|
||
|
186641B0000
|
heap
|
page read and write
|
||
|
1650000
|
heap
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
186661D5000
|
heap
|
page read and write
|
||
|
186641B1000
|
heap
|
page read and write
|
||
|
186641D1000
|
heap
|
page read and write
|
||
|
186641FA000
|
heap
|
page read and write
|
||
|
1866417B000
|
heap
|
page read and write
|
||
|
18664163000
|
heap
|
page read and write
|
||
|
18666165000
|
heap
|
page read and write
|
||
|
18664160000
|
heap
|
page read and write
|
||
|
186641B0000
|
heap
|
page read and write
|
||
|
186661D8000
|
heap
|
page read and write
|
||
|
13557000
|
trusted library allocation
|
page read and write
|
||
|
186641FE000
|
heap
|
page read and write
|
||
|
186641C9000
|
heap
|
page read and write
|
||
|
186641F2000
|
heap
|
page read and write
|
||
|
186661D4000
|
heap
|
page read and write
|
||
|
186641B2000
|
heap
|
page read and write
|
||
|
186641BC000
|
heap
|
page read and write
|
||
|
186641CE000
|
heap
|
page read and write
|
||
|
1866417B000
|
heap
|
page read and write
|
||
|
186661D4000
|
heap
|
page read and write
|
||
|
186641F7000
|
heap
|
page read and write
|
||
|
186661E8000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
186641D3000
|
heap
|
page read and write
|
||
|
1866417B000
|
heap
|
page read and write
|
||
|
186641CA000
|
heap
|
page read and write
|
||
|
1C580000
|
heap
|
page read and write
|
||
|
2571AFE000
|
unkown
|
page read and write
|
||
|
14AE000
|
heap
|
page read and write
|
||
|
186641CC000
|
heap
|
page read and write
|
||
|
18664198000
|
heap
|
page read and write
|
||
|
186661D6000
|
heap
|
page read and write
|
||
|
186641CF000
|
heap
|
page read and write
|
||
|
7FF848F22000
|
trusted library allocation
|
page execute and read and write
|
||
|
F40000
|
unkown
|
page readonly
|
||
|
18664163000
|
heap
|
page read and write
|
||
|
186641C4000
|
heap
|
page read and write
|
||
|
18664160000
|
heap
|
page read and write
|
||
|
186641C4000
|
heap
|
page read and write
|
||
|
186661D4000
|
heap
|
page read and write
|
||
|
186641C1000
|
heap
|
page read and write
|
||
|
186641B3000
|
heap
|
page read and write
|
||
|
186661A4000
|
heap
|
page read and write
|
||
|
186641CD000
|
heap
|
page read and write
|
||
|
1BEB0000
|
trusted library section
|
page read and write
|
||
|
18664100000
|
heap
|
page read and write
|
||
|
18664191000
|
heap
|
page read and write
|
||
|
186661DE000
|
heap
|
page read and write
|
||
|
186641B1000
|
heap
|
page read and write
|
||
|
18664166000
|
heap
|
page read and write
|
||
|
F40000
|
unkown
|
page readonly
|
||
|
18664330000
|
heap
|
page read and write
|
||
|
7FF848E84000
|
trusted library allocation
|
page execute and read and write
|
||
|
186641C9000
|
heap
|
page read and write
|
||
|
186641F9000
|
heap
|
page read and write
|
||
|
186641C1000
|
heap
|
page read and write
|
||
|
1913000
|
heap
|
page execute and read and write
|
||
|
186641BE000
|
heap
|
page read and write
|
||
|
1BF75000
|
stack
|
page read and write
|
||
|
186641B8000
|
heap
|
page read and write
|
||
|
186641CF000
|
heap
|
page read and write
|
||
|
186641F2000
|
heap
|
page read and write
|
||
|
162E000
|
stack
|
page read and write
|
||
|
18664200000
|
heap
|
page read and write
|
||
|
186641B0000
|
heap
|
page read and write
|
||
|
18664163000
|
heap
|
page read and write
|
||
|
186641C3000
|
heap
|
page read and write
|
||
|
1866418C000
|
heap
|
page read and write
|
||
|
7FF848F62000
|
trusted library allocation
|
page read and write
|
||
|
186641FB000
|
heap
|
page read and write
|
||
|
18666160000
|
heap
|
page read and write
|
||
|
1436000
|
heap
|
page read and write
|
||
|
7FF4A9140000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848EF5000
|
trusted library allocation
|
page read and write
|
||
|
186641BC000
|
heap
|
page read and write
|
||
|
186661E6000
|
heap
|
page read and write
|
||
|
25720FF000
|
stack
|
page read and write
|
||
|
186661A0000
|
heap
|
page read and write
|
||
|
18666140000
|
heap
|
page read and write
|
||
|
186661A8000
|
heap
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
7FF848E32000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C6000
|
heap
|
page read and write
|
||
|
186641C4000
|
heap
|
page read and write
|
||
|
7FF848E4F000
|
trusted library allocation
|
page execute and read and write
|
||
|
13551000
|
trusted library allocation
|
page read and write
|
||
|
18664178000
|
heap
|
page read and write
|
||
|
186641C9000
|
heap
|
page read and write
|
||
|
1866416A000
|
heap
|
page read and write
|
||
|
186641B0000
|
heap
|
page read and write
|
||
|
1496000
|
heap
|
page read and write
|
||
|
18664198000
|
heap
|
page read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
1910000
|
heap
|
page execute and read and write
|
||
|
186641B4000
|
heap
|
page read and write
|
||
|
186641C4000
|
heap
|
page read and write
|
||
|
152E000
|
heap
|
page read and write
|
||
|
2571BFD000
|
stack
|
page read and write
|
||
|
1B5B0000
|
trusted library allocation
|
page read and write
|
||
|
18664174000
|
heap
|
page read and write
|
||
|
186641C4000
|
heap
|
page read and write
|
||
|
18664335000
|
heap
|
page read and write
|
||
|
186661B8000
|
heap
|
page read and write
|
||
|
186641B0000
|
heap
|
page read and write
|
||
|
F60000
|
unkown
|
page readonly
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
7FF4A9130000
|
trusted library allocation
|
page execute and read and write
|
||
|
2571761000
|
stack
|
page read and write
|
||
|
1866416C000
|
heap
|
page read and write
|
||
|
186661D4000
|
heap
|
page read and write
|
||
|
186661B4000
|
heap
|
page read and write
|
||
|
186641F4000
|
heap
|
page read and write
|
||
|
12F4000
|
stack
|
page read and write
|
||
|
1866418C000
|
heap
|
page read and write
|
||
|
186641B5000
|
heap
|
page read and write
|
||
|
13555000
|
trusted library allocation
|
page read and write
|
||
|
151F000
|
heap
|
page read and write
|
||
|
186661D4000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A66000
|
heap
|
page read and write
|
||
|
186641B0000
|
heap
|
page read and write
|
||
|
186641B0000
|
heap
|
page read and write
|
||
|
1BEF0000
|
heap
|
page read and write
|
||
|
18666141000
|
heap
|
page read and write
|
||
|
14F8000
|
heap
|
page read and write
|
||
|
18664151000
|
heap
|
page read and write
|
||
|
7FF848F66000
|
trusted library allocation
|
page read and write
|
||
|
1866417B000
|
heap
|
page read and write
|
||
|
18664020000
|
heap
|
page read and write
|
||
|
18664194000
|
heap
|
page read and write
|
||
|
1BE2D000
|
stack
|
page read and write
|
||
|
186661DE000
|
heap
|
page read and write
|
||
|
1A60000
|
heap
|
page read and write
|
||
|
186641F2000
|
heap
|
page read and write
|
||
|
1690000
|
heap
|
page read and write
|
||
|
186661A0000
|
heap
|
page read and write
|
||
|
18666180000
|
heap
|
page read and write
|
||
|
18664165000
|
heap
|
page read and write
|
||
|
18665CF0000
|
heap
|
page read and write
|
||
|
7FF848EE2000
|
trusted library allocation
|
page execute and read and write
|
||
|
186641CE000
|
heap
|
page read and write
|
||
|
2571FFE000
|
stack
|
page read and write
|
||
|
1C310000
|
heap
|
page execute and read and write
|
||
|
186641BD000
|
heap
|
page read and write
|
||
|
18F0000
|
trusted library allocation
|
page read and write
|
||
|
1C5A0000
|
heap
|
page read and write
|
||
|
186641B0000
|
heap
|
page read and write
|
||
|
1866418C000
|
heap
|
page read and write
|
||
|
F42000
|
unkown
|
page readonly
|
||
|
186641CF000
|
heap
|
page read and write
|
||
|
257176E000
|
stack
|
page read and write
|
||
|
1C10E000
|
stack
|
page read and write
|
||
|
18664194000
|
heap
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page execute and read and write
|
||
|
3571000
|
trusted library allocation
|
page read and write
|
||
|
186661E0000
|
heap
|
page read and write
|
||
|
186641F9000
|
heap
|
page read and write
|
||
|
1BF39000
|
stack
|
page read and write
|
||
|
7FF848EFA000
|
trusted library allocation
|
page execute and read and write
|
||
|
18664179000
|
heap
|
page read and write
|
||
|
18664198000
|
heap
|
page read and write
|
||
|
186661ED000
|
heap
|
page read and write
|
||
|
1866416A000
|
heap
|
page read and write
|
There are 260 hidden memdumps, click here to show them.