Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.google.com/search?q=how
|
unknown
|
||
|
http://www.site.com/log.php
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\F\0
|
Runcount.cry
|
||
|
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\G\0
|
Runcount.cry
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1154000
|
trusted library allocation
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
984000
|
stack
|
page read and write
|
||
|
1C2A0000
|
trusted library allocation
|
page read and write
|
||
|
1BB4B000
|
heap
|
page read and write
|
||
|
7FF4A9090000
|
trusted library allocation
|
page execute and read and write
|
||
|
11A2000
|
heap
|
page execute and read and write
|
||
|
1BF8B000
|
stack
|
page read and write
|
||
|
7FF8879B2000
|
trusted library allocation
|
page read and write
|
||
|
7FF887890000
|
trusted library allocation
|
page read and write
|
||
|
12ED0000
|
trusted library allocation
|
page read and write
|
||
|
E20000
|
heap
|
page read and write
|
||
|
1BAD1000
|
heap
|
page read and write
|
||
|
1C1DF000
|
heap
|
page read and write
|
||
|
7FF887972000
|
trusted library allocation
|
page execute and read and write
|
||
|
DE9000
|
heap
|
page read and write
|
||
|
1BE80000
|
heap
|
page read and write
|
||
|
7FF8878A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887882000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BAD3000
|
heap
|
page read and write
|
||
|
1BADC000
|
heap
|
page read and write
|
||
|
7FF887896000
|
trusted library allocation
|
page read and write
|
||
|
3791000
|
trusted library allocation
|
page read and write
|
||
|
7FF887932000
|
trusted library allocation
|
page execute and read and write
|
||
|
D0C000
|
heap
|
page read and write
|
||
|
840000
|
unkown
|
page readonly
|
||
|
810000
|
unkown
|
page readonly
|
||
|
1BC8E000
|
stack
|
page read and write
|
||
|
1C20D000
|
heap
|
page read and write
|
||
|
7FF887940000
|
trusted library allocation
|
page read and write
|
||
|
812000
|
unkown
|
page readonly
|
||
|
1C2E0000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
7FF887872000
|
trusted library allocation
|
page execute and read and write
|
||
|
1160000
|
trusted library allocation
|
page read and write
|
||
|
1B870000
|
trusted library allocation
|
page read and write
|
||
|
7FF8879C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E85000
|
heap
|
page read and write
|
||
|
7FF887A00000
|
trusted library allocation
|
page execute and read and write
|
||
|
1450000
|
trusted library allocation
|
page read and write
|
||
|
1B87C000
|
trusted library allocation
|
page read and write
|
||
|
1BB27000
|
heap
|
page read and write
|
||
|
2EC1000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
1BD8E000
|
stack
|
page read and write
|
||
|
1463000
|
heap
|
page read and write
|
||
|
1AF20000
|
trusted library allocation
|
page read and write
|
||
|
1BB73000
|
heap
|
page read and write
|
||
|
1C08C000
|
stack
|
page read and write
|
||
|
D2E000
|
heap
|
page read and write
|
||
|
1C0AD000
|
heap
|
page read and write
|
||
|
7FF4A90A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF88793A000
|
trusted library allocation
|
page execute and read and write
|
||
|
D4B000
|
heap
|
page read and write
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
7FF8879B0000
|
trusted library allocation
|
page read and write
|
||
|
1C090000
|
heap
|
page read and write
|
||
|
1BA90000
|
heap
|
page read and write
|
||
|
1B880000
|
heap
|
page read and write
|
||
|
12EC7000
|
trusted library allocation
|
page read and write
|
||
|
1BE20000
|
trusted library allocation
|
page read and write
|
||
|
1C14A000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
D2A000
|
heap
|
page read and write
|
||
|
12ECE000
|
trusted library allocation
|
page read and write
|
||
|
1B860000
|
trusted library allocation
|
page read and write
|
||
|
1466000
|
heap
|
page read and write
|
||
|
1115000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
7FF887886000
|
trusted library allocation
|
page execute and read and write
|
||
|
1170000
|
trusted library allocation
|
page read and write
|
||
|
7FF887880000
|
trusted library allocation
|
page read and write
|
||
|
D3E000
|
heap
|
page read and write
|
||
|
D06000
|
heap
|
page read and write
|
||
|
1B98E000
|
stack
|
page read and write
|
||
|
1BAEA000
|
heap
|
page read and write
|
||
|
12EC1000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
unkown
|
page readonly
|
||
|
1BB03000
|
heap
|
page read and write
|
||
|
D57000
|
heap
|
page read and write
|
||
|
20000
|
trusted library allocation
|
page read and write
|
||
|
1B820000
|
heap
|
page execute and read and write
|
||
|
7FF8878D4000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C168000
|
heap
|
page read and write
|
||
|
7FF88789F000
|
trusted library allocation
|
page execute and read and write
|
||
|
117D000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
1BAF7000
|
heap
|
page read and write
|
||
|
1B79D000
|
stack
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
7FF88794A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF88787A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C7DA000
|
stack
|
page read and write
|
||
|
1AF25000
|
trusted library allocation
|
page read and write
|
||
|
1C8DD000
|
stack
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
1452000
|
trusted library allocation
|
page read and write
|
||
|
11A0000
|
heap
|
page execute and read and write
|
||
|
12EC5000
|
trusted library allocation
|
page read and write
|
||
|
1C0B5000
|
heap
|
page read and write
|
||
|
1B590000
|
heap
|
page read and write
|
||
|
7FF887A10000
|
trusted library allocation
|
page execute and read and write
|
||
|
DEF000
|
heap
|
page read and write
|
||
|
1BB71000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
115A000
|
trusted library allocation
|
page read and write
|
||
|
7FF88794D000
|
trusted library allocation
|
page execute and read and write
|
There are 98 hidden memdumps, click here to show them.