Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
orderconfirmation.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\VBoxDDU.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\VBoxRT.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Virtual.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\ckmfqeimpicbuy
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\fmBrowserumz_test\VBoxDDU.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\fmBrowserumz_test\VBoxRT.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\fmBrowserumz_test\Virtual.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\35453018
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\msvcp100.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\msvcr100.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\orvhk
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\qtu
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fmBrowserumz_test\msvcp100.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fmBrowserumz_test\msvcr100.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fmBrowserumz_test\orvhk
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fmBrowserumz_test\qtu
|
data
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\orderconfirmation.exe
|
"C:\Users\user\Desktop\orderconfirmation.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\Virtual.exe
|
"C:\Users\user\AppData\Local\Temp\Virtual.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\fmBrowserumz_test\Virtual.exe
|
C:\Users\user\AppData\Roaming\fmBrowserumz_test\Virtual.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\SysWOW64\cmd.exe
|
|
|
|
C:\Windows\SysWOW64\explorer.exe
|
C:\Windows\SysWOW64\explorer.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
stogeneratmns.shop
|
|
||
|
reinforcenh.shop
|
|
||
|
fragnantbui.shop
|
|
||
|
gutterydhowi.shop
|
|
||
|
teenylogicod.shop
|
|
||
|
offensivedzvju.shop
|
|
||
|
drawzhotdog.shop
|
|
||
|
ghostreedmnu.shop
|
|
||
|
vozmeatillu.shop
|
|
||
|
http://www.vmware.com/schema/ovf/1/envelope
|
unknown
|
||
|
http://virtualbox.org/firmware/VBoxEFI64.fd
|
unknown
|
||
|
http://www.openssl.org/support/faq.html....................D:
|
unknown
|
||
|
http://www.vmware.com/0
|
unknown
|
||
|
http://www.vmware.com/interfaces/specifications/vmdk.html#compressedhttp://www.vmware.com/specificat
|
unknown
|
||
|
http://crl3.digicer
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://virtualbox.org/firmware/VBoxEFIDual.fd
|
unknown
|
||
|
http://www.virtualbox.org/ovf/machine
|
unknown
|
||
|
http://www.vmware.com/0/
|
unknown
|
||
|
http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd
|
unknown
|
||
|
http://c0rl.m%L
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://virtualbox.org/firmware/VBoxEFI32.fdVBoxEFI64.fdhttp://virtualbox.org/firmware/VBoxEFI64.fdVB
|
unknown
|
||
|
http://www.openssl.org/support/faq.html
|
unknown
|
||
|
http://relaxng.org/ns/structure/1.0allocating
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://virtualbox.org/firmware/VBoxEFI32.fd
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
http://www.innotek.de/VirtualBox-settings
|
unknown
|
||
|
http://www.info-zip.org/
|
unknown
|
||
|
http://www.vmware.com/specifications/vmdk.html#compressed
|
unknown
|
||
|
http://relaxng.org/ns/structure/1.0
|
unknown
|
||
|
http://curl.haxx.se/rfc/cookie_spec.html
|
unknown
|
||
|
http://www.vmware.com/interfaces/specifications/vmdk.html#streamOptimized
|
unknown
|
||
|
http://www.vmware.com/specifications/vmdk.html#sparse
|
unknown
|
||
|
http://www.vmware.com/interfaces/specifications/vmdk.html#compressed
|
unknown
|
||
|
http://www.vmware.com/specifications/vmdk.html#sparsehttp://www.vmware.com/interfaces/specifications
|
unknown
|
There are 27 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
27D000
|
unkown
|
page readonly
|
|
|
|
2A8E000
|
stack
|
page read and write
|
||
|
33C0000
|
unkown
|
page read and write
|
||
|
5629000
|
direct allocation
|
page read and write
|
||
|
330F000
|
heap
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
7FF605B71000
|
unkown
|
page execute read
|
||
|
500D000
|
heap
|
page read and write
|
||
|
3444000
|
heap
|
page read and write
|
||
|
3DB6000
|
trusted library allocation
|
page read and write
|
||
|
5470000
|
direct allocation
|
page read and write
|
||
|
2A4F000
|
stack
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
61647000
|
unkown
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
244D000
|
heap
|
page read and write
|
||
|
61670000
|
unkown
|
page readonly
|
||
|
DC8000
|
heap
|
page read and write
|
||
|
614F1000
|
unkown
|
page execute read
|
||
|
955000
|
heap
|
page read and write
|
||
|
3691000
|
heap
|
page read and write
|
||
|
2FE7000
|
heap
|
page read and write
|
||
|
5C1000
|
heap
|
page read and write
|
||
|
61736000
|
unkown
|
page readonly
|
||
|
1178000
|
heap
|
page read and write
|
||
|
7FF605E43000
|
unkown
|
page write copy
|
||
|
7FFBAA2E1000
|
unkown
|
page execute read
|
||
|
3B07000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
1136000
|
heap
|
page read and write
|
||
|
9AA000
|
stack
|
page read and write
|
||
|
58A000
|
heap
|
page read and write
|
||
|
331F000
|
stack
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
3E56000
|
unkown
|
page read and write
|
||
|
343F000
|
heap
|
page read and write
|
||
|
5130000
|
heap
|
page read and write
|
||
|
7FFBAAA10000
|
unkown
|
page readonly
|
||
|
2FE6000
|
heap
|
page read and write
|
||
|
7FFBAB8A0000
|
unkown
|
page readonly
|
||
|
32AD000
|
heap
|
page read and write
|
||
|
3451000
|
heap
|
page read and write
|
||
|
32AD000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page write copy
|
||
|
2D2E000
|
direct allocation
|
page read and write
|
||
|
2D0C000
|
stack
|
page read and write
|
||
|
2540000
|
direct allocation
|
page read and write
|
||
|
32B8000
|
heap
|
page read and write
|
||
|
1542000
|
heap
|
page read and write
|
||
|
E29000
|
heap
|
page read and write
|
||
|
313F000
|
heap
|
page read and write
|
||
|
1170000
|
heap
|
page read and write
|
||
|
290F000
|
stack
|
page read and write
|
||
|
3600000
|
heap
|
page read and write
|
||
|
617DC000
|
unkown
|
page read and write
|
||
|
61652000
|
unkown
|
page execute
|
||
|
E41000
|
heap
|
page read and write
|
||
|
3130000
|
heap
|
page read and write
|
||
|
5500000
|
direct allocation
|
page read and write
|
||
|
58E000
|
heap
|
page read and write
|
||
|
3725000
|
heap
|
page read and write
|
||
|
569E000
|
direct allocation
|
page read and write
|
||
|
7FFBAA6BD000
|
unkown
|
page readonly
|
||
|
31B2000
|
heap
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
2F1E000
|
unkown
|
page read and write
|
||
|
2B9A000
|
stack
|
page read and write
|
||
|
7FFBAADD0000
|
unkown
|
page write copy
|
||
|
2FE6000
|
heap
|
page read and write
|
||
|
7FFBAB885000
|
unkown
|
page readonly
|
||
|
41A7000
|
unkown
|
page read and write
|
||
|
6153F000
|
unkown
|
page readonly
|
||
|
33E9000
|
heap
|
page read and write
|
||
|
50A3000
|
trusted library allocation
|
page read and write
|
||
|
3120000
|
heap
|
page read and write
|
||
|
413000
|
unkown
|
page readonly
|
||
|
51A5000
|
heap
|
page read and write
|
||
|
61724000
|
unkown
|
page write copy
|
||
|
117E000
|
heap
|
page read and write
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
7FFBAB840000
|
unkown
|
page readonly
|
||
|
30EF000
|
unkown
|
page read and write
|
||
|
3418000
|
heap
|
page read and write
|
||
|
E2F000
|
heap
|
page read and write
|
||
|
6164A000
|
unkown
|
page readonly
|
||
|
5599000
|
direct allocation
|
page read and write
|
||
|
11DC000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
34A0000
|
heap
|
page read and write
|
||
|
312A000
|
heap
|
page read and write
|
||
|
7FFBAAC45000
|
unkown
|
page readonly
|
||
|
5821000
|
unkown
|
page read and write
|
||
|
385B000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
254A000
|
direct allocation
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
||
|
2620000
|
heap
|
page read and write
|
||
|
61701000
|
unkown
|
page readonly
|
||
|
146D000
|
stack
|
page read and write
|
||
|
377B000
|
heap
|
page read and write
|
||
|
7FFBAB8E5000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
363C000
|
heap
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
61751000
|
unkown
|
page execute read
|
||
|
2FE6000
|
heap
|
page read and write
|
||
|
61732000
|
unkown
|
page execute
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
7FF6AEB33000
|
unkown
|
page write copy
|
||
|
7FF6AE861000
|
unkown
|
page execute read
|
||
|
2734000
|
heap
|
page read and write
|
||
|
2CCF000
|
stack
|
page read and write
|
||
|
7FF605D77000
|
unkown
|
page readonly
|
||
|
1548000
|
heap
|
page read and write
|
||
|
3139000
|
heap
|
page read and write
|
||
|
7FF605E53000
|
unkown
|
page readonly
|
||
|
61644000
|
unkown
|
page write copy
|
||
|
7FFBAA2E0000
|
unkown
|
page readonly
|
||
|
7FFBAA6A0000
|
unkown
|
page write copy
|
||
|
61591000
|
unkown
|
page execute read
|
||
|
2441000
|
heap
|
page read and write
|
||
|
2D20000
|
direct allocation
|
page read and write
|
||
|
7FF6AE861000
|
unkown
|
page execute read
|
||
|
1575000
|
heap
|
page read and write
|
||
|
6157F000
|
unkown
|
page read and write
|
||
|
312B000
|
heap
|
page read and write
|
||
|
52C8000
|
heap
|
page read and write
|
||
|
3519000
|
heap
|
page read and write
|
||
|
3330000
|
direct allocation
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
E2F000
|
heap
|
page read and write
|
||
|
617E1000
|
unkown
|
page readonly
|
||
|
61581000
|
unkown
|
page readonly
|
||
|
7FF605B70000
|
unkown
|
page readonly
|
||
|
6172A000
|
unkown
|
page readonly
|
||
|
39D3000
|
heap
|
page read and write
|
||
|
3411000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
3E47000
|
trusted library allocation
|
page read and write
|
||
|
2FE6000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
2B8F000
|
stack
|
page read and write
|
||
|
2441000
|
heap
|
page read and write
|
||
|
53A8000
|
trusted library allocation
|
page read and write
|
||
|
3FCE000
|
unkown
|
page read and write
|
||
|
261E000
|
stack
|
page read and write
|
||
|
4050000
|
unkown
|
page read and write
|
||
|
343D000
|
stack
|
page read and write
|
||
|
7FFBAAA11000
|
unkown
|
page execute read
|
||
|
10BE000
|
stack
|
page read and write
|
||
|
61590000
|
unkown
|
page readonly
|
||
|
7FFBAB8F9000
|
unkown
|
page readonly
|
||
|
617DE000
|
unkown
|
page write copy
|
||
|
7FF605B70000
|
unkown
|
page readonly
|
||
|
280000
|
unkown
|
page write copy
|
||
|
290000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
136D000
|
stack
|
page read and write
|
||
|
5360000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
7FE000
|
stack
|
page read and write
|
||
|
7FFBAB899000
|
unkown
|
page readonly
|
||
|
5190000
|
heap
|
page read and write
|
||
|
28EE000
|
direct allocation
|
page read and write
|
||
|
6157E000
|
unkown
|
page write copy
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
2B58000
|
heap
|
page read and write
|
||
|
280E000
|
stack
|
page read and write
|
||
|
E2F000
|
heap
|
page read and write
|
||
|
2FE0000
|
heap
|
page read and write
|
||
|
A3C000
|
stack
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
6179F000
|
unkown
|
page readonly
|
||
|
3130000
|
heap
|
page read and write
|
||
|
432000
|
unkown
|
page readonly
|
||
|
D8B000
|
stack
|
page read and write
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
3C50000
|
trusted library allocation
|
page read and write
|
||
|
61671000
|
unkown
|
page execute read
|
||
|
2736000
|
heap
|
page read and write
|
||
|
7FF6AE860000
|
unkown
|
page readonly
|
||
|
505B000
|
trusted library allocation
|
page read and write
|
||
|
3910000
|
trusted library allocation
|
page read and write
|
||
|
DCE000
|
heap
|
page read and write
|
||
|
7FFBAB8F7000
|
unkown
|
page write copy
|
||
|
3520000
|
heap
|
page read and write
|
||
|
7FF605D77000
|
unkown
|
page readonly
|
||
|
490000
|
heap
|
page read and write
|
||
|
5821000
|
unkown
|
page read and write
|
||
|
61621000
|
unkown
|
page readonly
|
||
|
7FF6AEB43000
|
unkown
|
page readonly
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
334C000
|
heap
|
page read and write
|
||
|
2FE6000
|
heap
|
page read and write
|
||
|
7FFBAA515000
|
unkown
|
page readonly
|
||
|
7FF6AEB43000
|
unkown
|
page readonly
|
||
|
61727000
|
unkown
|
page read and write
|
||
|
334E000
|
heap
|
page read and write
|
||
|
2FE6000
|
heap
|
page read and write
|
||
|
614F0000
|
unkown
|
page readonly
|
||
|
2633000
|
heap
|
page read and write
|
||
|
1136000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
E2F000
|
heap
|
page read and write
|
||
|
30E0000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
559D000
|
direct allocation
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
41A000
|
unkown
|
page readonly
|
||
|
294E000
|
stack
|
page read and write
|
||
|
3410000
|
heap
|
page read and write
|
||
|
2FE6000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
7FFBAB8A1000
|
unkown
|
page execute read
|
||
|
19A000
|
stack
|
page read and write
|
||
|
417000
|
unkown
|
page read and write
|
||
|
413000
|
unkown
|
page readonly
|
||
|
7FF605E43000
|
unkown
|
page write copy
|
||
|
FBD000
|
stack
|
page read and write
|
||
|
3DD6000
|
trusted library allocation
|
page read and write
|
||
|
7FF6AEA67000
|
unkown
|
page readonly
|
||
|
61750000
|
unkown
|
page readonly
|
||
|
2806000
|
heap
|
page read and write
|
||
|
2CFD000
|
heap
|
page read and write
|
||
|
2FE6000
|
heap
|
page read and write
|
||
|
3DC2000
|
trusted library allocation
|
page read and write
|
||
|
61642000
|
unkown
|
page read and write
|
||
|
7FF605E53000
|
unkown
|
page readonly
|
||
|
3A76000
|
trusted library allocation
|
page read and write
|
||
|
7FF6AEB33000
|
unkown
|
page write copy
|
||
|
3490000
|
heap
|
page read and write
|
||
|
28E0000
|
direct allocation
|
page read and write
|
||
|
7FF6AEA67000
|
unkown
|
page readonly
|
||
|
415F000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2FE6000
|
heap
|
page read and write
|
||
|
7FFBAB841000
|
unkown
|
page execute read
|
||
|
3444000
|
heap
|
page read and write
|
||
|
562D000
|
direct allocation
|
page read and write
|
||
|
3630000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
617DF000
|
unkown
|
page read and write
|
||
|
7FF605B71000
|
unkown
|
page execute read
|
||
|
2E0C000
|
stack
|
page read and write
|
||
|
31E0000
|
heap
|
page read and write
|
||
|
31B6000
|
heap
|
page read and write
|
||
|
5EA000
|
heap
|
page read and write
|
||
|
6157C000
|
unkown
|
page read and write
|
||
|
7FF6AE860000
|
unkown
|
page readonly
|
||
|
231000
|
unkown
|
page execute read
|
||
|
31EC000
|
stack
|
page read and write
|
||
|
5820000
|
unkown
|
page read and write
|
||
|
432000
|
unkown
|
page readonly
|
||
|
560E000
|
direct allocation
|
page read and write
|
||
|
38A0000
|
heap
|
page read and write
|
||
|
2440000
|
heap
|
page read and write
|
||
|
3A96000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
direct allocation
|
page read and write
|
||
|
D75000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
7FFBAADED000
|
unkown
|
page readonly
|
||
|
7FFBAB897000
|
unkown
|
page write copy
|
||
|
1110000
|
heap
|
page read and write
|
||
|
3420000
|
heap
|
page read and write
|
||
|
61722000
|
unkown
|
page read and write
|
||
|
61656000
|
unkown
|
page readonly
|
||
|
3A82000
|
trusted library allocation
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
295000
|
unkown
|
page write copy
|
||
|
3444000
|
heap
|
page read and write
|
There are 265 hidden memdumps, click here to show them.