Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win64.Goshell-A.17848.24860.exe
|
PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Users\user\AppData\Local\Packages\Microsoft.WindowsCalculator_8wekyb3d8bbwe\Settings\settings.dat.LOG1
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win64.Goshell-A.17848.24860.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win64.Goshell-A.17848.24860.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\calc.exe
|
calc
|
||
|
C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Calculator.exe
|
"C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{24561e1a-c837-d455-9be6-fa7b1cf61d74}\LocalState
|
VeryFirstLaunch
|
||
|
\REGISTRY\A\{24561e1a-c837-d455-9be6-fa7b1cf61d74}\LocalState
|
Mode
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
C38C49C000
|
stack
|
page read and write
|
||
|
C000012000
|
direct allocation
|
page read and write
|
||
|
C000016000
|
direct allocation
|
page read and write
|
||
|
2A40A370000
|
heap
|
page read and write
|
||
|
1BFD1C40000
|
heap
|
page read and write
|
||
|
C0000A0000
|
direct allocation
|
page read and write
|
||
|
4B1000
|
unkown
|
page write copy
|
||
|
2A40A513000
|
heap
|
page read and write
|
||
|
432000
|
unkown
|
page readonly
|
||
|
1BFD1C4C000
|
heap
|
page read and write
|
||
|
2A40B8E7000
|
heap
|
page read and write
|
||
|
330000
|
unkown
|
page readonly
|
||
|
1EDB41E0000
|
heap
|
page read and write
|
||
|
2A403D0F000
|
heap
|
page read and write
|
||
|
2A403D22000
|
heap
|
page read and write
|
||
|
2A406520000
|
heap
|
page read and write
|
||
|
C38C9FC000
|
stack
|
page read and write
|
||
|
54B000
|
unkown
|
page readonly
|
||
|
1BFD1BAB000
|
direct allocation
|
page read and write
|
||
|
2A40B844000
|
heap
|
page read and write
|
||
|
E39BAFF000
|
stack
|
page read and write
|
||
|
2A403DA2000
|
heap
|
page read and write
|
||
|
2A406594000
|
heap
|
page read and write
|
||
|
4C1000
|
unkown
|
page read and write
|
||
|
2A403DBE000
|
heap
|
page read and write
|
||
|
1BFD1B80000
|
heap
|
page read and write
|
||
|
2A40B022000
|
trusted library allocation
|
page read and write
|
||
|
1BFD1BA4000
|
direct allocation
|
page read and write
|
||
|
C00009C000
|
direct allocation
|
page read and write
|
||
|
2A406507000
|
heap
|
page read and write
|
||
|
C000094000
|
direct allocation
|
page read and write
|
||
|
E39B2F9000
|
stack
|
page read and write
|
||
|
2A403DF4000
|
heap
|
page read and write
|
||
|
2A40B747000
|
heap
|
page read and write
|
||
|
1BFD1BA9000
|
direct allocation
|
page read and write
|
||
|
2A40A50E000
|
heap
|
page read and write
|
||
|
2A403CFE000
|
heap
|
page read and write
|
||
|
2A403CE6000
|
heap
|
page read and write
|
||
|
2A403CDC000
|
heap
|
page read and write
|
||
|
2A403D7E000
|
heap
|
page read and write
|
||
|
2A40B765000
|
heap
|
page read and write
|
||
|
2A40A5AF000
|
heap
|
page read and write
|
||
|
2A403C43000
|
heap
|
page read and write
|
||
|
2A403DE2000
|
heap
|
page read and write
|
||
|
C000020000
|
direct allocation
|
page read and write
|
||
|
C0000C2000
|
direct allocation
|
page read and write
|
||
|
C000033000
|
direct allocation
|
page read and write
|
||
|
A6153FF000
|
stack
|
page read and write
|
||
|
5E0000
|
unkown
|
page readonly
|
||
|
1EDB5C70000
|
heap
|
page read and write
|
||
|
2A403CE2000
|
heap
|
page read and write
|
||
|
2A40AFDC000
|
heap
|
page read and write
|
||
|
4C0000
|
unkown
|
page write copy
|
||
|
2A403D88000
|
heap
|
page read and write
|
||
|
1BFD1B60000
|
heap
|
page read and write
|
||
|
2A403DD9000
|
heap
|
page read and write
|
||
|
331000
|
unkown
|
page execute read
|
||
|
2A40B808000
|
heap
|
page read and write
|
||
|
A6159FF000
|
stack
|
page read and write
|
||
|
2A40A390000
|
trusted library allocation
|
page read and write
|
||
|
C0000A6000
|
direct allocation
|
page read and write
|
||
|
2A40B902000
|
heap
|
page read and write
|
||
|
C000014000
|
direct allocation
|
page read and write
|
||
|
2A406526000
|
heap
|
page read and write
|
||
|
435000
|
unkown
|
page readonly
|
||
|
2A40B749000
|
heap
|
page read and write
|
||
|
2A40B6DC000
|
heap
|
page read and write
|
||
|
2A406513000
|
heap
|
page read and write
|
||
|
1EDB428C000
|
heap
|
page read and write
|
||
|
2A40B759000
|
heap
|
page read and write
|
||
|
2A40B902000
|
heap
|
page read and write
|
||
|
2A40B77F000
|
heap
|
page read and write
|
||
|
5DF000
|
unkown
|
page write copy
|
||
|
2A40B732000
|
heap
|
page read and write
|
||
|
E39BDFC000
|
stack
|
page read and write
|
||
|
2A40B71B000
|
heap
|
page read and write
|
||
|
C38C875000
|
stack
|
page read and write
|
||
|
2A40B900000
|
heap
|
page read and write
|
||
|
E39B6FE000
|
stack
|
page read and write
|
||
|
E39B5FF000
|
stack
|
page read and write
|
||
|
4AA000
|
unkown
|
page read and write
|
||
|
2A40B726000
|
heap
|
page read and write
|
||
|
5DF000
|
unkown
|
page write copy
|
||
|
2A406402000
|
heap
|
page read and write
|
||
|
C38CAFE000
|
stack
|
page read and write
|
||
|
2A40B77A000
|
heap
|
page read and write
|
||
|
E39B0FC000
|
stack
|
page read and write
|
||
|
2A40B6CF000
|
heap
|
page read and write
|
||
|
2A40B74F000
|
heap
|
page read and write
|
||
|
2A403C7B000
|
heap
|
page read and write
|
||
|
E39AB3B000
|
stack
|
page read and write
|
||
|
2A403AF0000
|
heap
|
page read and write
|
||
|
2A403B10000
|
heap
|
page read and write
|
||
|
C000088000
|
direct allocation
|
page read and write
|
||
|
2A40B724000
|
heap
|
page read and write
|
||
|
2A403D61000
|
heap
|
page read and write
|
||
|
2A403D5E000
|
heap
|
page read and write
|
||
|
2A40B6F7000
|
heap
|
page read and write
|
||
|
C0000CE000
|
direct allocation
|
page read and write
|
||
|
C000043000
|
direct allocation
|
page read and write
|
||
|
2A403DEB000
|
heap
|
page read and write
|
||
|
E39B9FC000
|
stack
|
page read and write
|
||
|
1EDB5BD0000
|
heap
|
page read and write
|
||
|
2A406300000
|
heap
|
page read and write
|
||
|
2A403D71000
|
heap
|
page read and write
|
||
|
2A40B70A000
|
heap
|
page read and write
|
||
|
2A40B700000
|
heap
|
page read and write
|
||
|
2A403D13000
|
heap
|
page read and write
|
||
|
2A40A400000
|
heap
|
page read and write
|
||
|
2A403C8B000
|
heap
|
page read and write
|
||
|
2A40A4A5000
|
heap
|
page read and write
|
||
|
1BFD1C49000
|
heap
|
page read and write
|
||
|
2A406577000
|
heap
|
page read and write
|
||
|
1BFD1A80000
|
heap
|
page read and write
|
||
|
1BFD1E50000
|
direct allocation
|
page read and write
|
||
|
2A40B76A000
|
heap
|
page read and write
|
||
|
2A406500000
|
heap
|
page read and write
|
||
|
1EDB5B80000
|
heap
|
page read and write
|
||
|
2A403C2A000
|
heap
|
page read and write
|
||
|
2A40B600000
|
heap
|
page read and write
|
||
|
2A40B862000
|
heap
|
page read and write
|
||
|
2A40B902000
|
heap
|
page read and write
|
||
|
C38C59E000
|
stack
|
page read and write
|
||
|
2A40B765000
|
heap
|
page read and write
|
||
|
A615BFF000
|
stack
|
page read and write
|
||
|
C0000AA000
|
direct allocation
|
page read and write
|
||
|
2A40B800000
|
heap
|
page read and write
|
||
|
1BFD1BA0000
|
direct allocation
|
page read and write
|
||
|
E39BCFC000
|
stack
|
page read and write
|
||
|
C000084000
|
direct allocation
|
page read and write
|
||
|
2A403DB1000
|
heap
|
page read and write
|
||
|
2A403D82000
|
heap
|
page read and write
|
||
|
C0000C6000
|
direct allocation
|
page read and write
|
||
|
C000010000
|
direct allocation
|
page read and write
|
||
|
1EDB41D0000
|
heap
|
page read and write
|
||
|
2A40AE02000
|
heap
|
page read and write
|
||
|
2A403D25000
|
heap
|
page read and write
|
||
|
1BFD1C04000
|
direct allocation
|
page read and write
|
||
|
2A403D0A000
|
heap
|
page read and write
|
||
|
1EDB5C75000
|
heap
|
page read and write
|
||
|
C38C51F000
|
stack
|
page read and write
|
||
|
2A405B00000
|
trusted library allocation
|
page read and write
|
||
|
432000
|
unkown
|
page readonly
|
||
|
2A40B737000
|
heap
|
page read and write
|
||
|
7FF4D98C3000
|
trusted library allocation
|
page execute read
|
||
|
C0000D8000
|
direct allocation
|
page read and write
|
||
|
2A403D35000
|
heap
|
page read and write
|
||
|
2A40A42C000
|
heap
|
page read and write
|
||
|
2A403CC6000
|
heap
|
page read and write
|
||
|
4BF000
|
unkown
|
page read and write
|
||
|
4AA000
|
unkown
|
page write copy
|
||
|
E39B3F0000
|
stack
|
page read and write
|
||
|
2A40A45A000
|
heap
|
page read and write
|
||
|
2A40B70E000
|
heap
|
page read and write
|
||
|
A6157FE000
|
stack
|
page read and write
|
||
|
2A403DE7000
|
heap
|
page read and write
|
||
|
2A40B8EE000
|
heap
|
page read and write
|
||
|
C0000BC000
|
direct allocation
|
page read and write
|
||
|
2A403C95000
|
heap
|
page read and write
|
||
|
C0000E0000
|
direct allocation
|
page read and write
|
||
|
2A40B71F000
|
heap
|
page read and write
|
||
|
2A403CFA000
|
heap
|
page read and write
|
||
|
C0000A4000
|
direct allocation
|
page read and write
|
||
|
E39C2F8000
|
stack
|
page read and write
|
||
|
C00000E000
|
direct allocation
|
page read and write
|
||
|
2A403DB5000
|
heap
|
page read and write
|
||
|
1EDB4210000
|
heap
|
page read and write
|
||
|
C000035000
|
direct allocation
|
page read and write
|
||
|
54B000
|
unkown
|
page readonly
|
||
|
2A40655E000
|
heap
|
page read and write
|
||
|
3E7000
|
unkown
|
page readonly
|
||
|
2A403C6F000
|
heap
|
page read and write
|
||
|
51E000
|
unkown
|
page readonly
|
||
|
1BFD1C20000
|
direct allocation
|
page read and write
|
||
|
2A4065B4000
|
heap
|
page read and write
|
||
|
2A40B78A000
|
heap
|
page read and write
|
||
|
2A403DCF000
|
heap
|
page read and write
|
||
|
2A40650A000
|
heap
|
page read and write
|
||
|
2A40B6CC000
|
heap
|
page read and write
|
||
|
2A40B82A000
|
heap
|
page read and write
|
||
|
C00002E000
|
direct allocation
|
page read and write
|
||
|
C0000D0000
|
direct allocation
|
page read and write
|
||
|
2A40B87C000
|
heap
|
page read and write
|
||
|
2A40AF31000
|
heap
|
page read and write
|
||
|
2A40B6D5000
|
heap
|
page read and write
|
||
|
2A40B902000
|
heap
|
page read and write
|
||
|
A6151FD000
|
stack
|
page read and write
|
||
|
2A40AFEB000
|
heap
|
page read and write
|
||
|
2A403C00000
|
heap
|
page read and write
|
||
|
C0000AC000
|
direct allocation
|
page read and write
|
||
|
2A4063E0000
|
trusted library allocation
|
page read and write
|
||
|
C000004000
|
direct allocation
|
page read and write
|
||
|
E39C1FD000
|
stack
|
page read and write
|
||
|
1BFD1E90000
|
direct allocation
|
page execute read
|
||
|
2A40B84E000
|
heap
|
page read and write
|
||
|
2A40AE13000
|
heap
|
page read and write
|
||
|
2A403CC2000
|
heap
|
page read and write
|
||
|
C000090000
|
direct allocation
|
page read and write
|
||
|
5E0000
|
unkown
|
page readonly
|
||
|
2A40B8AD000
|
heap
|
page read and write
|
||
|
2A40653B000
|
heap
|
page read and write
|
||
|
C38CB7F000
|
stack
|
page read and write
|
||
|
2A403AE0000
|
heap
|
page read and write
|
||
|
2A40B6AF000
|
heap
|
page read and write
|
||
|
2A403CE0000
|
heap
|
page read and write
|
||
|
1BFD1C30000
|
direct allocation
|
page read and write
|
||
|
2A403DB9000
|
heap
|
page read and write
|
||
|
C000023000
|
direct allocation
|
page read and write
|
||
|
2A40AD90000
|
heap
|
page read and write
|
||
|
2A403D7A000
|
heap
|
page read and write
|
||
|
2A40B902000
|
heap
|
page read and write
|
||
|
2A40B702000
|
heap
|
page read and write
|
||
|
330000
|
unkown
|
page readonly
|
||
|
E39BBFF000
|
stack
|
page read and write
|
||
|
2A4065F5000
|
heap
|
page read and write
|
||
|
A615DFE000
|
stack
|
page read and write
|
||
|
518000
|
unkown
|
page read and write
|
||
|
2A406547000
|
heap
|
page read and write
|
||
|
2A406589000
|
heap
|
page read and write
|
||
|
C00008A000
|
direct allocation
|
page read and write
|
||
|
C0000CC000
|
direct allocation
|
page read and write
|
||
|
2A40A498000
|
heap
|
page read and write
|
||
|
2A40B8E3000
|
heap
|
page read and write
|
||
|
2A405AF0000
|
trusted library allocation
|
page read and write
|
||
|
2A403D47000
|
heap
|
page read and write
|
||
|
4F0000
|
unkown
|
page read and write
|
||
|
2A403DDD000
|
heap
|
page read and write
|
||
|
1BFD1EE5000
|
heap
|
page read and write
|
||
|
435000
|
unkown
|
page readonly
|
||
|
2A40AF00000
|
heap
|
page read and write
|
||
|
2A40B758000
|
heap
|
page read and write
|
||
|
2A40AF2B000
|
heap
|
page read and write
|
||
|
2A40A427000
|
heap
|
page read and write
|
||
|
2A403CCE000
|
heap
|
page read and write
|
||
|
C38C97F000
|
stack
|
page read and write
|
||
|
4EA000
|
unkown
|
page read and write
|
||
|
C0000AE000
|
direct allocation
|
page read and write
|
||
|
4B0000
|
unkown
|
page read and write
|
||
|
2A40B73F000
|
heap
|
page read and write
|
||
|
2A4065E4000
|
heap
|
page read and write
|
||
|
2A40AFDA000
|
heap
|
page read and write
|
||
|
2A403DEF000
|
heap
|
page read and write
|
||
|
2A403DAB000
|
heap
|
page read and write
|
||
|
E39BFFC000
|
stack
|
page read and write
|
||
|
C0000E2000
|
direct allocation
|
page read and write
|
||
|
2A40B717000
|
heap
|
page read and write
|
||
|
7FF4D98C1000
|
trusted library allocation
|
page execute read
|
||
|
2A40A5EF000
|
heap
|
page read and write
|
||
|
E39C0FC000
|
stack
|
page read and write
|
||
|
1BFD1EE0000
|
heap
|
page read and write
|
||
|
C000006000
|
direct allocation
|
page read and write
|
||
|
2A40B6E4000
|
heap
|
page read and write
|
||
|
2A40B706000
|
heap
|
page read and write
|
||
|
C000018000
|
direct allocation
|
page read and write
|
||
|
2A40A461000
|
heap
|
page read and write
|
||
|
2A403CDE000
|
heap
|
page read and write
|
||
|
51E000
|
unkown
|
page readonly
|
||
|
2A403C13000
|
heap
|
page read and write
|
||
|
A6155FF000
|
stack
|
page read and write
|
||
|
2A40A49A000
|
heap
|
page read and write
|
||
|
E39B1FF000
|
stack
|
page read and write
|
||
|
2A403CB5000
|
heap
|
page read and write
|
||
|
2A403D9E000
|
heap
|
page read and write
|
||
|
2A40B902000
|
heap
|
page read and write
|
||
|
331000
|
unkown
|
page execute read
|
||
|
4AE000
|
unkown
|
page write copy
|
||
|
C38C8FB000
|
stack
|
page read and write
|
||
|
2A40B902000
|
heap
|
page read and write
|
||
|
2A40B713000
|
heap
|
page read and write
|
||
|
3E7000
|
unkown
|
page readonly
|
||
|
2A40B88E000
|
heap
|
page read and write
|
||
|
2A40A5AB000
|
heap
|
page read and write
|
||
|
2A403CD2000
|
heap
|
page read and write
|
||
|
2A403CB9000
|
heap
|
page read and write
|
||
|
C000038000
|
direct allocation
|
page read and write
|
||
|
1BFD1C00000
|
direct allocation
|
page read and write
|
||
|
2A403DCA000
|
heap
|
page read and write
|
||
|
C38CA7E000
|
stack
|
page read and write
|
||
|
2A40B782000
|
heap
|
page read and write
|
||
|
E39BEFC000
|
stack
|
page read and write
|
||
|
2A40ADA0000
|
trusted library allocation
|
page read and write
|
||
|
2A4065E2000
|
heap
|
page read and write
|
There are 272 hidden memdumps, click here to show them.