Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
3EtS1ncqvJ.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\3EtS1ncqvJ.exe
|
"C:\Users\user\Desktop\3EtS1ncqvJ.exe"
|
|
|
|
C:\Windows\System32\netsh.exe
|
netsh firewall add allowedprogram "C:\Users\user\Desktop\3EtS1ncqvJ.exe" "3EtS1ncqvJ.exe" ENABLE
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
19.ip.gl.ply.gg
|
147.185.221.19
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
147.185.221.19
|
19.ip.gl.ply.gg
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER
|
di
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
EF0000
|
trusted library section
|
page read and write
|
|
|
|
2B11000
|
trusted library allocation
|
page read and write
|
|
|
|
2BE00603000
|
heap
|
page read and write
|
||
|
7FF7C0CE2000
|
trusted library allocation
|
page read and write
|
||
|
2BE0059D000
|
heap
|
page read and write
|
||
|
2BE02656000
|
heap
|
page read and write
|
||
|
7FF7C0CA2000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE005F7000
|
heap
|
page read and write
|
||
|
1B97A000
|
heap
|
page read and write
|
||
|
F57FDFD000
|
stack
|
page read and write
|
||
|
2BE00603000
|
heap
|
page read and write
|
||
|
F57FAFD000
|
stack
|
page read and write
|
||
|
7FF7C0BC0000
|
trusted library allocation
|
page read and write
|
||
|
2BE005D1000
|
heap
|
page read and write
|
||
|
2BE005B4000
|
heap
|
page read and write
|
||
|
7FF7C0CE6000
|
trusted library allocation
|
page read and write
|
||
|
2BE00633000
|
heap
|
page read and write
|
||
|
F25000
|
heap
|
page read and write
|
||
|
2BE0264D000
|
heap
|
page read and write
|
||
|
2BE02630000
|
heap
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
2BE00607000
|
heap
|
page read and write
|
||
|
2BE02651000
|
heap
|
page read and write
|
||
|
2BE005F1000
|
heap
|
page read and write
|
||
|
D66000
|
heap
|
page read and write
|
||
|
2BE02635000
|
heap
|
page read and write
|
||
|
2BE0060D000
|
heap
|
page read and write
|
||
|
2BE005D1000
|
heap
|
page read and write
|
||
|
2BE0059D000
|
heap
|
page read and write
|
||
|
2BE00631000
|
heap
|
page read and write
|
||
|
2BE00634000
|
heap
|
page read and write
|
||
|
2BE005B9000
|
heap
|
page read and write
|
||
|
2BE025B1000
|
heap
|
page read and write
|
||
|
2BE02616000
|
heap
|
page read and write
|
||
|
2BE005AA000
|
heap
|
page read and write
|
||
|
2BE0059E000
|
heap
|
page read and write
|
||
|
2BE00607000
|
heap
|
page read and write
|
||
|
7FF487E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE005A2000
|
heap
|
page read and write
|
||
|
A49000
|
heap
|
page read and write
|
||
|
2BE02124000
|
heap
|
page read and write
|
||
|
98C000
|
heap
|
page read and write
|
||
|
7FF7C0C75000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0C7A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE005A6000
|
heap
|
page read and write
|
||
|
A03000
|
heap
|
page read and write
|
||
|
1B4F0000
|
heap
|
page read and write
|
||
|
2BE005F5000
|
heap
|
page read and write
|
||
|
A12000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
1B980000
|
heap
|
page read and write
|
||
|
2BDD000
|
trusted library allocation
|
page read and write
|
||
|
2BE02114000
|
heap
|
page read and write
|
||
|
2BE02112000
|
heap
|
page read and write
|
||
|
2BE005F5000
|
heap
|
page read and write
|
||
|
2BE02124000
|
heap
|
page read and write
|
||
|
2BE005FF000
|
heap
|
page read and write
|
||
|
2BE005B2000
|
heap
|
page read and write
|
||
|
2BE02616000
|
heap
|
page read and write
|
||
|
9AD000
|
heap
|
page read and write
|
||
|
2BE02113000
|
heap
|
page read and write
|
||
|
2BE005A3000
|
heap
|
page read and write
|
||
|
2BE0063E000
|
heap
|
page read and write
|
||
|
2BE00609000
|
heap
|
page read and write
|
||
|
2BE00540000
|
heap
|
page read and write
|
||
|
2BE02656000
|
heap
|
page read and write
|
||
|
1B3ED000
|
stack
|
page read and write
|
||
|
2BE025D0000
|
heap
|
page read and write
|
||
|
1BB90000
|
heap
|
page read and write
|
||
|
2BE00588000
|
heap
|
page read and write
|
||
|
530000
|
unkown
|
page readonly
|
||
|
D70000
|
heap
|
page read and write
|
||
|
2BE005CA000
|
heap
|
page read and write
|
||
|
2BE02634000
|
heap
|
page read and write
|
||
|
2BE0063E000
|
heap
|
page read and write
|
||
|
2BE02654000
|
heap
|
page read and write
|
||
|
2BE025F0000
|
heap
|
page read and write
|
||
|
2BE0059E000
|
heap
|
page read and write
|
||
|
2BE005F6000
|
heap
|
page read and write
|
||
|
2BE02651000
|
heap
|
page read and write
|
||
|
986000
|
heap
|
page read and write
|
||
|
2BE005B8000
|
heap
|
page read and write
|
||
|
2BE005CA000
|
heap
|
page read and write
|
||
|
2BE005B2000
|
heap
|
page read and write
|
||
|
2BE02613000
|
heap
|
page read and write
|
||
|
1BB80000
|
heap
|
page read and write
|
||
|
2BE02630000
|
heap
|
page read and write
|
||
|
2BE02652000
|
heap
|
page read and write
|
||
|
7FF7C0D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE0211A000
|
heap
|
page read and write
|
||
|
1B539000
|
stack
|
page read and write
|
||
|
2BE0058C000
|
heap
|
page read and write
|
||
|
2BE005EE000
|
heap
|
page read and write
|
||
|
2BE005B5000
|
heap
|
page read and write
|
||
|
2BE02630000
|
heap
|
page read and write
|
||
|
2BE0063C000
|
heap
|
page read and write
|
||
|
7FF7C0BCF000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE02639000
|
heap
|
page read and write
|
||
|
2BE005A1000
|
heap
|
page read and write
|
||
|
2BE00835000
|
heap
|
page read and write
|
||
|
1B6FE000
|
stack
|
page read and write
|
||
|
20000
|
trusted library allocation
|
page read and write
|
||
|
2BE005EE000
|
heap
|
page read and write
|
||
|
9BC000
|
heap
|
page read and write
|
||
|
2BE00607000
|
heap
|
page read and write
|
||
|
1B5E0000
|
trusted library section
|
page read and write
|
||
|
2BE005F4000
|
heap
|
page read and write
|
||
|
2BE025F0000
|
heap
|
page read and write
|
||
|
12B15000
|
trusted library allocation
|
page read and write
|
||
|
2BE0264D000
|
heap
|
page read and write
|
||
|
945000
|
heap
|
page read and write
|
||
|
2BE02654000
|
heap
|
page read and write
|
||
|
1B575000
|
stack
|
page read and write
|
||
|
D63000
|
heap
|
page read and write
|
||
|
2BE0060E000
|
heap
|
page read and write
|
||
|
27000
|
trusted library allocation
|
page read and write
|
||
|
2BE0264F000
|
heap
|
page read and write
|
||
|
2BE005ED000
|
heap
|
page read and write
|
||
|
2BE005F4000
|
heap
|
page read and write
|
||
|
2BE02646000
|
heap
|
page read and write
|
||
|
7FF7C0C6A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE005FF000
|
heap
|
page read and write
|
||
|
2BE005AB000
|
heap
|
page read and write
|
||
|
2BE00631000
|
heap
|
page read and write
|
||
|
2BE02654000
|
heap
|
page read and write
|
||
|
2BE02110000
|
heap
|
page read and write
|
||
|
2BE0063E000
|
heap
|
page read and write
|
||
|
2BE02630000
|
heap
|
page read and write
|
||
|
550000
|
unkown
|
page readonly
|
||
|
2BE00601000
|
heap
|
page read and write
|
||
|
2BE0059C000
|
heap
|
page read and write
|
||
|
2B8C000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
2E50000
|
trusted library allocation
|
page read and write
|
||
|
2BE00554000
|
heap
|
page read and write
|
||
|
12B17000
|
trusted library allocation
|
page read and write
|
||
|
2BE005CD000
|
heap
|
page read and write
|
||
|
2BE00520000
|
heap
|
page read and write
|
||
|
F57FAF1000
|
stack
|
page read and write
|
||
|
F57FAEE000
|
stack
|
page read and write
|
||
|
2BE02651000
|
heap
|
page read and write
|
||
|
2BE005A3000
|
heap
|
page read and write
|
||
|
F57FBFE000
|
unkown
|
page read and write
|
||
|
1B1EB000
|
heap
|
page read and write
|
||
|
2BE004F0000
|
heap
|
page read and write
|
||
|
2BE0264D000
|
heap
|
page read and write
|
||
|
1B400000
|
trusted library allocation
|
page read and write
|
||
|
2BE00607000
|
heap
|
page read and write
|
||
|
2BE005FA000
|
heap
|
page read and write
|
||
|
F5001FF000
|
stack
|
page read and write
|
||
|
2BE025F0000
|
heap
|
page read and write
|
||
|
2BE005AA000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page execute and read and write
|
||
|
A52000
|
heap
|
page read and write
|
||
|
7FF7C0BB2000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE00558000
|
heap
|
page read and write
|
||
|
2BE02100000
|
heap
|
page read and write
|
||
|
2BE025F1000
|
heap
|
page read and write
|
||
|
1B4F3000
|
heap
|
page read and write
|
||
|
2BE0263E000
|
heap
|
page read and write
|
||
|
2BE0264D000
|
heap
|
page read and write
|
||
|
2BE020D0000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
2BE0063E000
|
heap
|
page read and write
|
||
|
2BE005FF000
|
heap
|
page read and write
|
||
|
2BE02656000
|
heap
|
page read and write
|
||
|
2BE0059D000
|
heap
|
page read and write
|
||
|
2BE00639000
|
heap
|
page read and write
|
||
|
1B970000
|
heap
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
12B11000
|
trusted library allocation
|
page read and write
|
||
|
2B28000
|
trusted library allocation
|
page read and write
|
||
|
2BE005B9000
|
heap
|
page read and write
|
||
|
2BE005B5000
|
heap
|
page read and write
|
||
|
7FF7C0BD3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE0211C000
|
heap
|
page read and write
|
||
|
2BE005AB000
|
heap
|
page read and write
|
||
|
2BE005F2000
|
heap
|
page read and write
|
||
|
2BE00630000
|
heap
|
page read and write
|
||
|
2BE00500000
|
heap
|
page read and write
|
||
|
2BE0263C000
|
heap
|
page read and write
|
||
|
2BE005B9000
|
heap
|
page read and write
|
||
|
2BE005D1000
|
heap
|
page read and write
|
||
|
2BE02118000
|
heap
|
page read and write
|
||
|
2BE005FF000
|
heap
|
page read and write
|
||
|
2BE005A1000
|
heap
|
page read and write
|
||
|
2BE0060A000
|
heap
|
page read and write
|
||
|
DC3000
|
heap
|
page execute and read and write
|
||
|
2BE005EE000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
2BE0264D000
|
heap
|
page read and write
|
||
|
7FF7C0D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE005EF000
|
heap
|
page read and write
|
||
|
2BE005ED000
|
heap
|
page read and write
|
||
|
7FF7C0C70000
|
trusted library allocation
|
page read and write
|
||
|
2BE0060A000
|
heap
|
page read and write
|
||
|
2BE005A1000
|
heap
|
page read and write
|
||
|
2BE0063E000
|
heap
|
page read and write
|
||
|
2BE025B1000
|
heap
|
page read and write
|
||
|
2BE025D0000
|
heap
|
page read and write
|
||
|
F57FCFE000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
7FF7C0D40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE005ED000
|
heap
|
page read and write
|
||
|
2BE00548000
|
heap
|
page read and write
|
||
|
7FF7C0BA2000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF7C0CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE02125000
|
heap
|
page read and write
|
||
|
2BE00601000
|
heap
|
page read and write
|
||
|
2BE00607000
|
heap
|
page read and write
|
||
|
2BE025F0000
|
heap
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
2BE02650000
|
heap
|
page read and write
|
||
|
2BE005A1000
|
heap
|
page read and write
|
||
|
532000
|
unkown
|
page readonly
|
||
|
2BE0059E000
|
heap
|
page read and write
|
||
|
2BE025D0000
|
heap
|
page read and write
|
||
|
2BE02654000
|
heap
|
page read and write
|
||
|
8F4000
|
stack
|
page read and write
|
||
|
2BE005CA000
|
heap
|
page read and write
|
||
|
7FF7C0BAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE0059D000
|
heap
|
page read and write
|
||
|
2BE02616000
|
heap
|
page read and write
|
||
|
2BE005F3000
|
heap
|
page read and write
|
||
|
2BE00601000
|
heap
|
page read and write
|
||
|
2BE00636000
|
heap
|
page read and write
|
||
|
2BE025B0000
|
heap
|
page read and write
|
||
|
2BE005CA000
|
heap
|
page read and write
|
||
|
2BE0211B000
|
heap
|
page read and write
|
||
|
2BE0059D000
|
heap
|
page read and write
|
||
|
1B900000
|
heap
|
page execute and read and write
|
||
|
2BE02631000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
2BE005FD000
|
heap
|
page read and write
|
||
|
2BE0060A000
|
heap
|
page read and write
|
||
|
2BE0212C000
|
heap
|
page read and write
|
||
|
2BE02651000
|
heap
|
page read and write
|
||
|
2BE025B1000
|
heap
|
page read and write
|
||
|
7FF487E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE0060E000
|
heap
|
page read and write
|
||
|
1B9D6000
|
heap
|
page read and write
|
||
|
530000
|
unkown
|
page readonly
|
||
|
7FF7C0C7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE005B9000
|
heap
|
page read and write
|
||
|
F5000FE000
|
stack
|
page read and write
|
||
|
2BE0212C000
|
heap
|
page read and write
|
||
|
2BE02630000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
2BE00603000
|
heap
|
page read and write
|
||
|
2BE0060A000
|
heap
|
page read and write
|
||
|
2BE0211F000
|
heap
|
page read and write
|
||
|
7FF7C0C62000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE005FF000
|
heap
|
page read and write
|
||
|
2BE005FC000
|
heap
|
page read and write
|
||
|
2BE00601000
|
heap
|
page read and write
|
||
|
2BE02124000
|
heap
|
page read and write
|
||
|
2BE0063E000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
2BE005F5000
|
heap
|
page read and write
|
||
|
2BE0060C000
|
heap
|
page read and write
|
||
|
2BE005F7000
|
heap
|
page read and write
|
||
|
1AB70000
|
trusted library allocation
|
page read and write
|
||
|
7FF7C0BB0000
|
trusted library allocation
|
page read and write
|
||
|
9B1000
|
heap
|
page read and write
|
||
|
2BE02657000
|
heap
|
page read and write
|
||
|
7FF7C0C04000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BE005A7000
|
heap
|
page read and write
|
||
|
2BE005A3000
|
heap
|
page read and write
|
||
|
2BE0060E000
|
heap
|
page read and write
|
||
|
2BE00830000
|
heap
|
page read and write
|
There are 261 hidden memdumps, click here to show them.