Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\service123.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\IZImiIFXXrvtVOHFozZW.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\service123.exe
|
"C:\Users\user\AppData\Local\Temp\service123.exe"
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st
00:01 /du 9800:59 /sc once /ri 1 /f
|
|
|
|
C:\Users\user\AppData\Local\Temp\service123.exe
|
C:\Users\user\AppData\Local\Temp\/service123.exe
|
|
|
|
C:\Users\user\AppData\Local\Temp\service123.exe
|
C:\Users\user\AppData\Local\Temp\/service123.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fivevh5pt.top
|
|
||
|
analforeverlovyu.top
|
|
||
|
@fivevh5pt.top
|
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://gcc.gnu.org/bugs/):
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
http://fivevh5pt.top/9
|
unknown
|
||
|
https://serviceupdate32.com/update
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
http://fivevh5pt.top/v1/upload.php
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
There are 6 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fivevh5pt.top
|
84.38.182.221
|
|
|
|
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
84.38.182.221
|
fivevh5pt.top
|
Russian Federation
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
49F0000
|
heap
|
page read and write
|
|
|
|
C70000
|
heap
|
page read and write
|
||
|
E210000
|
heap
|
page read and write
|
||
|
EC0000
|
stack
|
page read and write
|
||
|
1FDB000
|
heap
|
page read and write
|
||
|
6C4A8000
|
unkown
|
page readonly
|
||
|
F01000
|
unkown
|
page execute read
|
||
|
2012000
|
heap
|
page read and write
|
||
|
1FE8000
|
heap
|
page read and write
|
||
|
CC1000
|
unkown
|
page readonly
|
||
|
E243000
|
heap
|
page read and write
|
||
|
3E71000
|
heap
|
page read and write
|
||
|
1DC0000
|
remote allocation
|
page read and write
|
||
|
F00000
|
unkown
|
page readonly
|
||
|
456F000
|
stack
|
page read and write
|
||
|
3DF1000
|
heap
|
page read and write
|
||
|
1FF4000
|
heap
|
page read and write
|
||
|
6C45D000
|
unkown
|
page read and write
|
||
|
E22D000
|
heap
|
page read and write
|
||
|
CC1000
|
unkown
|
page readonly
|
||
|
290000
|
heap
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
6C381000
|
unkown
|
page execute read
|
||
|
235F000
|
unkown
|
page read and write
|
||
|
1DE5000
|
heap
|
page read and write
|
||
|
CCB000
|
stack
|
page read and write
|
||
|
1087000
|
heap
|
page read and write
|
||
|
FEE000
|
heap
|
page read and write
|
||
|
CC1000
|
unkown
|
page readonly
|
||
|
CBE000
|
unkown
|
page read and write
|
||
|
3E6F000
|
heap
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
2010000
|
heap
|
page read and write
|
||
|
E220000
|
heap
|
page read and write
|
||
|
1587000
|
unkown
|
page read and write
|
||
|
E33E000
|
heap
|
page read and write
|
||
|
1518000
|
unkown
|
page read and write
|
||
|
CB1000
|
unkown
|
page execute read
|
||
|
1844000
|
unkown
|
page readonly
|
||
|
4F5C000
|
stack
|
page read and write
|
||
|
1832000
|
unkown
|
page readonly
|
||
|
3EAA000
|
heap
|
page read and write
|
||
|
47AF000
|
stack
|
page read and write
|
||
|
CBA000
|
unkown
|
page readonly
|
||
|
C80000
|
heap
|
page read and write
|
||
|
150A000
|
unkown
|
page read and write
|
||
|
E24B000
|
heap
|
page read and write
|
||
|
2056000
|
heap
|
page read and write
|
||
|
1C64000
|
heap
|
page read and write
|
||
|
E221000
|
heap
|
page read and write
|
||
|
FEA000
|
heap
|
page read and write
|
||
|
E227000
|
heap
|
page read and write
|
||
|
CC1000
|
unkown
|
page readonly
|
||
|
1CB0000
|
heap
|
page read and write
|
||
|
412D000
|
stack
|
page read and write
|
||
|
6C4A9000
|
unkown
|
page read and write
|
||
|
3DF1000
|
heap
|
page read and write
|
||
|
EA6000
|
stack
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
1990000
|
heap
|
page read and write
|
||
|
DDE000
|
stack
|
page read and write
|
||
|
1516000
|
unkown
|
page read and write
|
||
|
3E71000
|
heap
|
page read and write
|
||
|
3E9D000
|
heap
|
page read and write
|
||
|
142E000
|
stack
|
page read and write
|
||
|
3EAF000
|
heap
|
page read and write
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
F01000
|
unkown
|
page execute read
|
||
|
1FF4000
|
heap
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
6C45F000
|
unkown
|
page readonly
|
||
|
3E9F000
|
heap
|
page read and write
|
||
|
CB1000
|
unkown
|
page execute read
|
||
|
1C3E000
|
stack
|
page read and write
|
||
|
4D1F000
|
stack
|
page read and write
|
||
|
1FD4000
|
heap
|
page read and write
|
||
|
CBA000
|
unkown
|
page readonly
|
||
|
CBA000
|
unkown
|
page readonly
|
||
|
1523000
|
unkown
|
page read and write
|
||
|
432D000
|
stack
|
page read and write
|
||
|
47EE000
|
stack
|
page read and write
|
||
|
3EA3000
|
heap
|
page read and write
|
||
|
1511000
|
unkown
|
page read and write
|
||
|
11C1000
|
unkown
|
page read and write
|
||
|
3E98000
|
heap
|
page read and write
|
||
|
1FA0000
|
heap
|
page read and write
|
||
|
19DE000
|
stack
|
page read and write
|
||
|
1C40000
|
heap
|
page read and write
|
||
|
1841000
|
unkown
|
page read and write
|
||
|
CBE000
|
unkown
|
page write copy
|
||
|
2980000
|
heap
|
page read and write
|
||
|
239E000
|
stack
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
E25F000
|
heap
|
page read and write
|
||
|
3EA3000
|
heap
|
page read and write
|
||
|
6C380000
|
unkown
|
page readonly
|
||
|
CBE000
|
unkown
|
page write copy
|
||
|
4B1E000
|
stack
|
page read and write
|
||
|
17C8000
|
unkown
|
page read and write
|
||
|
E237000
|
heap
|
page read and write
|
||
|
1DC0000
|
remote allocation
|
page read and write
|
||
|
12C2000
|
unkown
|
page read and write
|
||
|
CBE000
|
unkown
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
3E0E000
|
heap
|
page read and write
|
||
|
3DF1000
|
heap
|
page read and write
|
||
|
1FAA000
|
heap
|
page read and write
|
||
|
1DE0000
|
heap
|
page read and write
|
||
|
1DC0000
|
remote allocation
|
page read and write
|
||
|
18B0000
|
heap
|
page read and write
|
||
|
CB1000
|
unkown
|
page execute read
|
||
|
2660000
|
heap
|
page read and write
|
||
|
122F000
|
stack
|
page read and write
|
||
|
229F000
|
stack
|
page read and write
|
||
|
3AAF000
|
stack
|
page read and write
|
||
|
CB1000
|
unkown
|
page execute read
|
||
|
3E6F000
|
heap
|
page read and write
|
||
|
11C1000
|
unkown
|
page write copy
|
||
|
436E000
|
stack
|
page read and write
|
||
|
3E74000
|
heap
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
9CC000
|
stack
|
page read and write
|
||
|
CB1000
|
unkown
|
page execute read
|
||
|
EC7000
|
stack
|
page read and write
|
||
|
14A000
|
stack
|
page read and write
|
||
|
231E000
|
unkown
|
page read and write
|
||
|
49EE000
|
stack
|
page read and write
|
||
|
A3C000
|
stack
|
page read and write
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
E12D000
|
heap
|
page read and write
|
||
|
C3C000
|
stack
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
1FD4000
|
heap
|
page read and write
|
||
|
3E71000
|
heap
|
page read and write
|
||
|
1CA0000
|
heap
|
page read and write
|
||
|
1507000
|
unkown
|
page read and write
|
||
|
1FE8000
|
heap
|
page read and write
|
||
|
CBA000
|
unkown
|
page readonly
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
E23D000
|
heap
|
page read and write
|
||
|
ECC000
|
stack
|
page read and write
|
||
|
3E1B000
|
heap
|
page read and write
|
||
|
3E98000
|
heap
|
page read and write
|
||
|
1FAE000
|
heap
|
page read and write
|
||
|
3E94000
|
heap
|
page read and write
|
||
|
4D5C000
|
stack
|
page read and write
|
||
|
CBA000
|
unkown
|
page readonly
|
||
|
266B000
|
heap
|
page read and write
|
||
|
1302000
|
unkown
|
page read and write
|
||
|
CB1000
|
unkown
|
page execute read
|
||
|
2007000
|
heap
|
page read and write
|
||
|
1841000
|
unkown
|
page write copy
|
||
|
3E9D000
|
heap
|
page read and write
|
||
|
1844000
|
unkown
|
page readonly
|
||
|
3E09000
|
heap
|
page read and write
|
||
|
3DF0000
|
heap
|
page read and write
|
||
|
1CDA000
|
heap
|
page read and write
|
||
|
2790000
|
heap
|
page read and write
|
||
|
DE48000
|
heap
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
E234000
|
heap
|
page read and write
|
||
|
1529000
|
unkown
|
page read and write
|
||
|
3E98000
|
heap
|
page read and write
|
||
|
9AC000
|
stack
|
page read and write
|
||
|
1FEF000
|
heap
|
page read and write
|
||
|
F38000
|
heap
|
page read and write
|
||
|
3E93000
|
heap
|
page read and write
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
CBE000
|
unkown
|
page write copy
|
||
|
E245000
|
heap
|
page read and write
|
||
|
3E98000
|
heap
|
page read and write
|
||
|
E227000
|
heap
|
page read and write
|
||
|
CB0000
|
unkown
|
page readonly
|
||
|
45AE000
|
stack
|
page read and write
|
||
|
23DF000
|
stack
|
page read and write
|
||
|
F00000
|
unkown
|
page readonly
|
||
|
10D000
|
stack
|
page read and write
|
||
|
E92E000
|
heap
|
page read and write
|
||
|
14C7000
|
unkown
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
E3E000
|
stack
|
page read and write
|
||
|
CBE000
|
unkown
|
page read and write
|
||
|
CBA000
|
unkown
|
page readonly
|
||
|
1CD0000
|
heap
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
3E9E000
|
heap
|
page read and write
|
||
|
CC1000
|
unkown
|
page readonly
|
||
|
150E000
|
unkown
|
page read and write
|
||
|
6C4AC000
|
unkown
|
page readonly
|
||
|
40ED000
|
stack
|
page read and write
|
||
|
3DF9000
|
heap
|
page read and write
|
||
|
E240000
|
heap
|
page read and write
|
||
|
1832000
|
unkown
|
page readonly
|
||
|
1C60000
|
heap
|
page read and write
|
||
|
3E5B000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
1FCD000
|
heap
|
page read and write
|
||
|
3E60000
|
heap
|
page read and write
|
||
|
1DAD000
|
stack
|
page read and write
|
||
|
CC1000
|
unkown
|
page readonly
|
||
|
ECC000
|
stack
|
page read and write
|
||
|
3E9F000
|
heap
|
page read and write
|
||
|
EAA000
|
stack
|
page read and write
|
There are 196 hidden memdumps, click here to show them.