Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\7ec63eecc011967c28496572961d2a7c_9e146be9-c76a-4720-bcdb-53011b87bd06
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://s.itorrent.bz/w5
|
unknown
|
||
|
http://s.itorrent.bz//
|
unknown
|
||
|
http://tfile.me/forum/download.php?id=706491&ak=11xxxxxxxxJ
|
unknown
|
||
|
http://tfile.me/forum/download.php?id=706491&ak=11xxxxxxxxF
|
unknown
|
||
|
http://s.itorrent.bz/
|
unknown
|
||
|
http://s.itorrent.bz/i/44e838831f4e7f2973ae42fab2828498/df/?version=1.0.0.404T
|
unknown
|
||
|
http://info.pillowkidguest.ru/logo.pngm
|
unknown
|
||
|
http://cdn.itorrent.bz/
|
unknown
|
||
|
http://cdn.itorrent.bz/itorrent-application/itorrent.zip
|
unknown
|
||
|
http://info.pillowkidguest.ru/logo.pnga8b13a8ef5c233e82e7c47bb5977f38a
|
unknown
|
||
|
http://info.pillowkidguest.ru/logo.png
|
unknown
|
||
|
http://g.itorrent.bz/support.i
|
unknown
|
||
|
http://info.pillowkidguest.ru/logo.pngU
|
unknown
|
||
|
http://s.itorrent.bz/l$J
|
unknown
|
||
|
http://s.itorrent.bz/i/44e838831f4e7f2973ae42fab2828498/df%
|
unknown
|
||
|
http://s.itorrent.bz/i/44e838831f4e7f2973ae42fab2828498/s/?version=1.0.0.404
|
unknown
|
||
|
http://s.itorrent.bz/i/44e838831f4e7f2973ae42fab2828498/df/?version=1.0.0.404
|
unknown
|
||
|
http://s.itorrent.bz/i/44e838831f4e7f2973ae42fab2828498/df/?version=1.0.0.404j
|
unknown
|
||
|
http://s.itorrent.bz/i/BUTTON###image/pngCan
|
unknown
|
||
|
http://g.itorrent.bz/support.ilbad
|
unknown
|
||
|
http://info.pillowkidguest.ru/logo.pngs2
|
unknown
|
||
|
http://s.itorrent.bz/i/44e838831f4e7f2973ae42fab2828498/df/?version=1.0.0.404/
|
unknown
|
||
|
http://s.itorrent.bz/i/
|
unknown
|
||
|
http://info.pillowkidguest.ru/Ts
|
unknown
|
||
|
http://tfile.me/forum/download.php?id=706491&ak=11xxxxxxxx
|
unknown
|
||
|
http://cdn.itorrent.bz/itorrent-application/itorrent.zip5
|
unknown
|
||
|
http://cdn.itorrent.bz/itorrent-application/itorrent.zipFreeSpacer_setup.exe.
|
unknown
|
||
|
http://s.itorrent.bz//95
|
unknown
|
There are 18 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
cdn.itorrent.bz
|
unknown
|
||
|
s.itorrent.bz
|
unknown
|
||
|
info.pillowkidguest.ru
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2700000
|
heap
|
page read and write
|
||
|
450000
|
unkown
|
page read and write
|
||
|
3EF4000
|
heap
|
page read and write
|
||
|
746000
|
heap
|
page read and write
|
||
|
4CCE000
|
stack
|
page read and write
|
||
|
692000
|
heap
|
page read and write
|
||
|
2C6D000
|
stack
|
page read and write
|
||
|
6E3000
|
heap
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
49E0000
|
heap
|
page read and write
|
||
|
BFA000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
2724000
|
heap
|
page read and write
|
||
|
6CF000
|
heap
|
page read and write
|
||
|
72E000
|
heap
|
page read and write
|
||
|
3EF0000
|
heap
|
page read and write
|
||
|
70C000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
704000
|
heap
|
page read and write
|
||
|
71C000
|
heap
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
3EFB000
|
heap
|
page read and write
|
||
|
725000
|
heap
|
page read and write
|
||
|
3EFF000
|
heap
|
page read and write
|
||
|
6BE000
|
heap
|
page read and write
|
||
|
3EF4000
|
heap
|
page read and write
|
||
|
458000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6E3000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
71C000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
709000
|
heap
|
page read and write
|
||
|
3EF4000
|
heap
|
page read and write
|
||
|
40D0000
|
heap
|
page read and write
|
||
|
704000
|
heap
|
page read and write
|
||
|
3EF8000
|
heap
|
page read and write
|
||
|
6C3000
|
heap
|
page read and write
|
||
|
71C000
|
heap
|
page read and write
|
||
|
4A02000
|
heap
|
page read and write
|
||
|
3EF8000
|
heap
|
page read and write
|
||
|
2720000
|
heap
|
page read and write
|
||
|
45A000
|
unkown
|
page readonly
|
||
|
560000
|
heap
|
page read and write
|
||
|
25C0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
25BC000
|
stack
|
page read and write
|
||
|
2C80000
|
remote allocation
|
page read and write
|
||
|
6D9000
|
heap
|
page read and write
|
||
|
40E0000
|
trusted library allocation
|
page read and write
|
||
|
450000
|
unkown
|
page write copy
|
||
|
6C3000
|
heap
|
page read and write
|
||
|
729000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
4C7E000
|
stack
|
page read and write
|
||
|
72F000
|
heap
|
page read and write
|
||
|
6ED000
|
heap
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
709000
|
heap
|
page read and write
|
||
|
4DCE000
|
stack
|
page read and write
|
||
|
3EF1000
|
heap
|
page read and write
|
||
|
2C80000
|
remote allocation
|
page read and write
|
||
|
709000
|
heap
|
page read and write
|
||
|
6D7000
|
heap
|
page read and write
|
||
|
48E0000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
3EF6000
|
heap
|
page read and write
|
||
|
4A00000
|
heap
|
page read and write
|
||
|
BFE000
|
heap
|
page read and write
|
||
|
2B2D000
|
stack
|
page read and write
|
||
|
6A4000
|
heap
|
page read and write
|
||
|
45A000
|
unkown
|
page readonly
|
||
|
565000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
70B000
|
heap
|
page read and write
|
||
|
3EF6000
|
heap
|
page read and write
|
||
|
694000
|
heap
|
page read and write
|
||
|
6EB000
|
heap
|
page read and write
|
||
|
709000
|
heap
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
70A000
|
heap
|
page read and write
|
||
|
2C80000
|
remote allocation
|
page read and write
|
||
|
6DC000
|
heap
|
page read and write
|
||
|
26CE000
|
stack
|
page read and write
|
||
|
692000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
4A00000
|
heap
|
page read and write
|
||
|
6A4000
|
heap
|
page read and write
|
||
|
70A000
|
heap
|
page read and write
|
||
|
704000
|
heap
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
6CF000
|
heap
|
page read and write
|
||
|
2560000
|
heap
|
page read and write
|
||
|
6D7000
|
heap
|
page read and write
|
||
|
25C3000
|
heap
|
page read and write
|
||
|
709000
|
heap
|
page read and write
|
||
|
3EF8000
|
heap
|
page read and write
|
||
|
2A2C000
|
stack
|
page read and write
|
||
|
668000
|
heap
|
page read and write
|
||
|
286E000
|
stack
|
page read and write
|
||
|
49E1000
|
heap
|
page read and write
|
||
|
745000
|
heap
|
page read and write
|
||
|
276C000
|
stack
|
page read and write
|
||
|
6BE000
|
heap
|
page read and write
|
||
|
704000
|
heap
|
page read and write
|
||
|
4B7E000
|
stack
|
page read and write
|
||
|
3EF1000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
There are 100 hidden memdumps, click here to show them.