Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\Music\AviraUpdater\AviraOculus.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://reinforcenh.shop//O9
|
unknown
|
|
|
|
https://vozmeatillu.shop/O9
|
unknown
|
|
|
|
stogeneratmns.shop
|
|
||
|
reinforcenh.shop
|
|
||
|
https://fragnantbui.shop/apip
|
unknown
|
|
|
|
https://vozmeatillu.shop/0
|
unknown
|
|
|
|
https://reinforcenh.shop/api
|
172.67.208.139
|
|
|
|
ghostreedmnu.shop
|
|
||
|
https://reinforcenh.shop/
|
unknown
|
|
|
|
https://steamcommunity.com/profiles/76561199724331900
|
104.102.49.254
|
|
|
|
https://vozmeatillu.shop/api
|
188.114.96.3
|
|
|
|
https://steamcommunity.com/profiles/76561199724331900/inventory/
|
unknown
|
|
|
|
fragnantbui.shop
|
|
||
|
https://offensivedzvju.shop/api
|
188.114.97.3
|
|
|
|
offensivedzvju.shop
|
|
||
|
drawzhotdog.shop
|
|
||
|
https://stogeneratmns.shop/g9
|
unknown
|
|
|
|
vozmeatillu.shop
|
|
||
|
https://drawzhotdog.shop/api
|
172.67.162.108
|
|
|
|
https://reinforcenh.shop:443/api
|
unknown
|
|
|
|
https://gutterydhowi.shop/api
|
104.21.4.136
|
|
|
|
https://reinforcenh.shop/apiiU
|
unknown
|
|
|
|
https://reinforcenh.shop/7
|
unknown
|
|
|
|
https://ballotnwu.site/api
|
172.67.128.144
|
|
|
|
https://player.vimeo.com
|
unknown
|
||
|
https://steamcommunity.com/?subsection=broadcasts
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=B0lGn8MokmdT&l=e
|
unknown
|
||
|
https://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://www.gstatic.cn/recaptcha/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
|
unknown
|
||
|
http://www.valvesoftware.com/legal.htm
|
unknown
|
||
|
https://www.youtube.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
|
unknown
|
||
|
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
|
unknown
|
||
|
https://gutterydhowi.shop/
|
unknown
|
||
|
https://ballotnwu.site/hP
|
unknown
|
||
|
https://s.ytimg.com;
|
unknown
|
||
|
https://steam.tv/
|
unknown
|
||
|
https://ghostreedmnu.shop/
|
unknown
|
||
|
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dcd
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=WnGP
|
unknown
|
||
|
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://community.akam
|
unknown
|
||
|
https://store.steampowered.com/points/shop/
|
unknown
|
||
|
https://sketchfab.com
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
https://www.youtube.com/
|
unknown
|
||
|
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
|
unknown
|
||
|
https://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
|
unknown
|
||
|
https://recaptcha.net/recap8
|
unknown
|
||
|
https://www.google.com/recaptcha/
|
unknown
|
||
|
https://checkout.steampowered.com/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
|
unknown
|
||
|
https://vozmeatillu.shop/apip
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
|
unknown
|
||
|
https://store.steampowered.com/;
|
unknown
|
||
|
https://store.steampowered.com/about/
|
unknown
|
||
|
https://steamcommunity.com/my/wishlist/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
|
unknown
|
||
|
https://help.steampowered.com/en/
|
unknown
|
||
|
https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
|
unknown
|
||
|
https://steamcommunity.com/market/
|
unknown
|
||
|
https://store.steampowered.com/news/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/
|
unknown
|
||
|
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
|
unknown
|
||
|
https://offensivedzvju.shop/
|
unknown
|
||
|
https://vozmeatillu.shop/
|
unknown
|
||
|
https://steamcommunity.com/discussions/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=nSnUuYf7g6U1&a
|
unknown
|
||
|
http://piriform.com/go/app_cc_privacy_policy
|
unknown
|
||
|
https://store.steampowered.com/stats/
|
unknown
|
||
|
https://medal.tv
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
|
unknown
|
||
|
https://store.steampowered.com/steam_refunds/
|
unknown
|
||
|
https://ballotnwu.site/cP
|
unknown
|
||
|
https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
|
unknown
|
||
|
https://steamcommunity.com/workshop/
|
unknown
|
||
|
https://store.steampowered.com/legal/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
|
unknown
|
||
|
https://ballotnwu.site/
|
unknown
|
||
|
https://ghostreedmnu.shop/f
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fragnantbui.shop
|
188.114.97.3
|
|
|
|
gutterydhowi.shop
|
104.21.4.136
|
|
|
|
offensivedzvju.shop
|
188.114.97.3
|
|
|
|
stogeneratmns.shop
|
188.114.96.3
|
|
|
|
reinforcenh.shop
|
172.67.208.139
|
|
|
|
drawzhotdog.shop
|
172.67.162.108
|
|
|
|
ghostreedmnu.shop
|
188.114.97.3
|
|
|
|
vozmeatillu.shop
|
188.114.96.3
|
|
|
|
ballotnwu.site
|
172.67.128.144
|
|
|
|
steamcommunity.com
|
104.102.49.254
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
104.21.4.136
|
gutterydhowi.shop
|
United States
|
|
|
|
188.114.97.3
|
fragnantbui.shop
|
European Union
|
|
|
|
172.67.162.108
|
drawzhotdog.shop
|
United States
|
|
|
|
172.67.128.144
|
ballotnwu.site
|
United States
|
|
|
|
188.114.96.3
|
stogeneratmns.shop
|
European Union
|
|
|
|
172.67.208.139
|
reinforcenh.shop
|
United States
|
|
|
|
104.102.49.254
|
steamcommunity.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
OculusAvira
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2500000
|
direct allocation
|
page execute and read and write
|
|
|
|
7D0000
|
unkown
|
page execute and read and write
|
|
|
|
BEB000
|
heap
|
page read and write
|
||
|
BF2000
|
heap
|
page read and write
|
||
|
C31000
|
heap
|
page read and write
|
||
|
842000
|
unkown
|
page readonly
|
||
|
C45000
|
heap
|
page read and write
|
||
|
BC5000
|
heap
|
page read and write
|
||
|
BD1000
|
heap
|
page read and write
|
||
|
BC3000
|
heap
|
page read and write
|
||
|
852000
|
unkown
|
page execute and read and write
|
||
|
C1C000
|
heap
|
page read and write
|
||
|
BDE000
|
heap
|
page read and write
|
||
|
BA8000
|
heap
|
page read and write
|
||
|
B9A000
|
heap
|
page read and write
|
||
|
DBF000
|
stack
|
page read and write
|
||
|
2970000
|
remote allocation
|
page read and write
|
||
|
2970000
|
remote allocation
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
2934000
|
trusted library allocation
|
page read and write
|
||
|
C2D000
|
heap
|
page read and write
|
||
|
BDE000
|
heap
|
page read and write
|
||
|
BF9000
|
heap
|
page read and write
|
||
|
82B000
|
unkown
|
page readonly
|
||
|
C28000
|
heap
|
page read and write
|
||
|
BC5000
|
heap
|
page read and write
|
||
|
BB1000
|
heap
|
page read and write
|
||
|
693000
|
unkown
|
page write copy
|
||
|
294B000
|
trusted library allocation
|
page read and write
|
||
|
C2E000
|
heap
|
page read and write
|
||
|
C32000
|
heap
|
page read and write
|
||
|
BB6000
|
heap
|
page read and write
|
||
|
C1C000
|
heap
|
page read and write
|
||
|
2560000
|
direct allocation
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
BBD000
|
heap
|
page read and write
|
||
|
BEA000
|
heap
|
page read and write
|
||
|
BD7000
|
heap
|
page read and write
|
||
|
26C0000
|
direct allocation
|
page read and write
|
||
|
BEF000
|
heap
|
page read and write
|
||
|
26DD000
|
stack
|
page read and write
|
||
|
26D7000
|
direct allocation
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
881000
|
unkown
|
page readonly
|
||
|
C2F000
|
heap
|
page read and write
|
||
|
905000
|
remote allocation
|
page execute and read and write
|
||
|
2862000
|
trusted library allocation
|
page read and write
|
||
|
84E000
|
unkown
|
page readonly
|
||
|
BBD000
|
heap
|
page read and write
|
||
|
2AEA000
|
direct allocation
|
page read and write
|
||
|
BB1000
|
heap
|
page read and write
|
||
|
BA7000
|
heap
|
page read and write
|
||
|
C35000
|
heap
|
page read and write
|
||
|
C35000
|
heap
|
page read and write
|
||
|
C03000
|
heap
|
page read and write
|
||
|
BB8000
|
heap
|
page read and write
|
||
|
2A94000
|
direct allocation
|
page read and write
|
||
|
BC3000
|
heap
|
page read and write
|
||
|
296F000
|
direct allocation
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
2870000
|
trusted library allocation
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
6BA000
|
unkown
|
page write copy
|
||
|
2AFF000
|
stack
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
BEC000
|
heap
|
page read and write
|
||
|
295E000
|
stack
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
291F000
|
stack
|
page read and write
|
||
|
6BD000
|
unkown
|
page write copy
|
||
|
767000
|
unkown
|
page readonly
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
30BE000
|
stack
|
page read and write
|
||
|
2AA2000
|
direct allocation
|
page read and write
|
||
|
C31000
|
heap
|
page read and write
|
||
|
BCF000
|
heap
|
page read and write
|
||
|
C2E000
|
heap
|
page read and write
|
||
|
269D000
|
stack
|
page read and write
|
||
|
BAE000
|
heap
|
page read and write
|
||
|
C45000
|
heap
|
page read and write
|
||
|
6B7000
|
unkown
|
page read and write
|
||
|
706000
|
unkown
|
page readonly
|
||
|
99A000
|
heap
|
page read and write
|
||
|
C47000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
845000
|
unkown
|
page execute and read and write
|
||
|
2956000
|
trusted library allocation
|
page read and write
|
||
|
2AB6000
|
direct allocation
|
page read and write
|
||
|
2AAB000
|
direct allocation
|
page read and write
|
||
|
C03000
|
heap
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
C5F000
|
stack
|
page read and write
|
||
|
C43000
|
heap
|
page read and write
|
||
|
29C2000
|
direct allocation
|
page read and write
|
||
|
C32000
|
heap
|
page read and write
|
||
|
99E000
|
heap
|
page read and write
|
||
|
C1C000
|
heap
|
page read and write
|
||
|
C28000
|
heap
|
page read and write
|
||
|
BC6000
|
heap
|
page read and write
|
||
|
BCF000
|
heap
|
page read and write
|
||
|
C14000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
C05000
|
heap
|
page read and write
|
||
|
C23000
|
heap
|
page read and write
|
||
|
C33000
|
heap
|
page read and write
|
||
|
8FF000
|
remote allocation
|
page execute and read and write
|
||
|
4A4000
|
unkown
|
page execute read
|
||
|
BA7000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
BDE000
|
heap
|
page read and write
|
||
|
839000
|
unkown
|
page readonly
|
||
|
BDE000
|
heap
|
page read and write
|
||
|
C3A000
|
heap
|
page read and write
|
||
|
BD1000
|
heap
|
page read and write
|
||
|
BEB000
|
heap
|
page read and write
|
||
|
BA2000
|
heap
|
page read and write
|
||
|
298A000
|
trusted library allocation
|
page read and write
|
||
|
280F000
|
trusted library allocation
|
page read and write
|
||
|
BF2000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
281E000
|
stack
|
page read and write
|
||
|
2560000
|
trusted library allocation
|
page read and write
|
||
|
307F000
|
stack
|
page read and write
|
||
|
83C000
|
unkown
|
page execute and read and write
|
||
|
693000
|
unkown
|
page read and write
|
||
|
BB6000
|
heap
|
page read and write
|
||
|
C31000
|
heap
|
page read and write
|
||
|
C23000
|
heap
|
page read and write
|
||
|
259E000
|
stack
|
page read and write
|
||
|
C03000
|
heap
|
page read and write
|
||
|
2F7E000
|
stack
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
BAE000
|
heap
|
page read and write
|
||
|
A1D000
|
stack
|
page read and write
|
||
|
82E000
|
unkown
|
page execute and read and write
|
||
|
2577000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
26B0000
|
heap
|
page read and write
|
||
|
C22000
|
heap
|
page read and write
|
||
|
C2F000
|
heap
|
page read and write
|
||
|
C27000
|
heap
|
page read and write
|
||
|
B87000
|
heap
|
page read and write
|
||
|
BB8000
|
heap
|
page read and write
|
||
|
BC2000
|
heap
|
page read and write
|
||
|
BBD000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
759000
|
unkown
|
page readonly
|
||
|
1FC000
|
stack
|
page read and write
|
||
|
29D0000
|
direct allocation
|
page read and write
|
||
|
C23000
|
heap
|
page read and write
|
||
|
BF1000
|
heap
|
page read and write
|
||
|
BB1000
|
heap
|
page read and write
|
||
|
6F7000
|
unkown
|
page readonly
|
||
|
C23000
|
heap
|
page read and write
|
||
|
2620000
|
heap
|
page read and write
|
||
|
BCF000
|
heap
|
page read and write
|
||
|
C03000
|
heap
|
page read and write
|
||
|
C2A000
|
heap
|
page read and write
|
||
|
BF9000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
BAE000
|
heap
|
page read and write
|
||
|
C33000
|
heap
|
page read and write
|
||
|
95E000
|
stack
|
page read and write
|
||
|
C27000
|
heap
|
page read and write
|
||
|
2BFF000
|
stack
|
page read and write
|
||
|
27DD000
|
stack
|
page read and write
|
||
|
BA9000
|
heap
|
page read and write
|
||
|
BB1000
|
heap
|
page read and write
|
||
|
BC3000
|
heap
|
page read and write
|
||
|
D5F000
|
stack
|
page read and write
|
||
|
198000
|
stack
|
page read and write
|
||
|
C1C000
|
heap
|
page read and write
|
||
|
BAE000
|
heap
|
page read and write
|
||
|
C2C000
|
heap
|
page read and write
|
||
|
C2E000
|
heap
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
2970000
|
remote allocation
|
page read and write
|
||
|
C23000
|
heap
|
page read and write
|
||
|
BA8000
|
heap
|
page read and write
|
||
|
2942000
|
trusted library allocation
|
page read and write
|
||
|
BF2000
|
heap
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
BC3000
|
heap
|
page read and write
|
||
|
884000
|
unkown
|
page execute and read and write
|
||
|
BCF000
|
heap
|
page read and write
|
||
|
BB8000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
C1E000
|
heap
|
page read and write
|
||
|
BEF000
|
heap
|
page read and write
|
||
|
BCB000
|
heap
|
page read and write
|
There are 184 hidden memdumps, click here to show them.