Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\1727246228bf52474d96d0c91d76eecd39cfb06284f20ad0f3e787fb96b50f595788ca18c5809.dat-decoded.exe
|
"C:\Users\user\Desktop\1727246228bf52474d96d0c91d76eecd39cfb06284f20ad0f3e787fb96b50f595788ca18c5809.dat-decoded.exe"
|
 |
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://go.microsoft.
|
unknown
|
||
|
http://go.microsoft.LinkId=42127
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
notificadoresrma.duckdns.org
|
46.246.14.12
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
46.246.14.12
|
notificadoresrma.duckdns.org
|
Sweden
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER
|
di
|
||
|
HKEY_CURRENT_USER\SOFTWARE\a388ab2ca3be4
|
[kl]
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
B72000
|
unkown
|
page readonly
|
|
|
|
53CC000
|
stack
|
page read and write
|
||
|
1342000
|
trusted library allocation
|
page execute and read and write
|
||
|
5488000
|
stack
|
page read and write
|
||
|
1161000
|
heap
|
page read and write
|
||
|
112E000
|
heap
|
page read and write
|
||
|
5320000
|
trusted library allocation
|
page execute and read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
3144000
|
trusted library allocation
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5503000
|
heap
|
page read and write
|
||
|
1372000
|
trusted library allocation
|
page execute and read and write
|
||
|
540B000
|
stack
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
||
|
17D0000
|
trusted library allocation
|
page read and write
|
||
|
11C9000
|
heap
|
page read and write
|
||
|
138B000
|
trusted library allocation
|
page execute and read and write
|
||
|
31B9000
|
trusted library allocation
|
page read and write
|
||
|
521C000
|
stack
|
page read and write
|
||
|
5148000
|
trusted library allocation
|
page read and write
|
||
|
73CBD000
|
unkown
|
page read and write
|
||
|
54C0000
|
unclassified section
|
page read and write
|
||
|
B78000
|
unkown
|
page readonly
|
||
|
135A000
|
trusted library allocation
|
page execute and read and write
|
||
|
55AE000
|
stack
|
page read and write
|
||
|
582E000
|
stack
|
page read and write
|
||
|
F36000
|
stack
|
page read and write
|
||
|
120F000
|
heap
|
page read and write
|
||
|
17A0000
|
heap
|
page read and write
|
||
|
1334000
|
trusted library allocation
|
page read and write
|
||
|
5490000
|
trusted library allocation
|
page read and write
|
||
|
73CA0000
|
unkown
|
page readonly
|
||
|
7F920000
|
trusted library allocation
|
page execute and read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
73CA1000
|
unkown
|
page execute read
|
||
|
17E0000
|
heap
|
page read and write
|
||
|
137A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1380000
|
trusted library allocation
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
544C000
|
stack
|
page read and write
|
||
|
3141000
|
trusted library allocation
|
page read and write
|
||
|
14EE000
|
stack
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
1219000
|
heap
|
page read and write
|
||
|
F39000
|
stack
|
page read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
B70000
|
unkown
|
page readonly
|
||
|
73CBF000
|
unkown
|
page readonly
|
||
|
1352000
|
trusted library allocation
|
page execute and read and write
|
||
|
1360000
|
trusted library allocation
|
page read and write
|
||
|
56AE000
|
stack
|
page read and write
|
||
|
1387000
|
trusted library allocation
|
page execute and read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
59B0000
|
heap
|
page read and write
|
||
|
73CB6000
|
unkown
|
page readonly
|
||
|
109E000
|
stack
|
page read and write
|
||
|
1367000
|
trusted library allocation
|
page execute and read and write
|
||
|
592E000
|
stack
|
page read and write
|
||
|
E3A000
|
stack
|
page read and write
|
||
|
3195000
|
trusted library allocation
|
page read and write
|
||
|
131E000
|
stack
|
page read and write
|
||
|
11D8000
|
heap
|
page read and write
|
||
|
136A000
|
trusted library allocation
|
page execute and read and write
|
||
|
54F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
11F6000
|
heap
|
page read and write
|
||
|
59A0000
|
heap
|
page read and write
|
||
|
1600000
|
heap
|
page execute and read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
15EE000
|
stack
|
page read and write
|
||
|
531D000
|
stack
|
page read and write
|
||
|
11DC000
|
heap
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
1116000
|
heap
|
page read and write
|
||
|
1382000
|
trusted library allocation
|
page read and write
|
||
|
4141000
|
trusted library allocation
|
page read and write
|
||
|
5500000
|
heap
|
page read and write
|
||
|
112B000
|
heap
|
page read and write
|
||
|
134A000
|
trusted library allocation
|
page execute and read and write
|
||
|
F56000
|
heap
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
There are 72 hidden memdumps, click here to show them.