Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\file.exe.killrabbit
|
data
|
dropped
|
|
|
|
C:\Users\user\Desktop\AFWAAFRXKO.docx.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\AFWAAFRXKO\AFWAAFRXKO.docx.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\AFWAAFRXKO\AIXACVYBSB.png.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\AFWAAFRXKO\DTBZGIOOSO.mp3.killrabbit
|
OpenPGP Public Key
|
dropped
|
||
|
C:\Users\user\Desktop\AFWAAFRXKO\NHPKIZUUSG.jpg.killrabbit
|
MGR bitmap, old format, 1-bit deep, 16-bit aligned
|
dropped
|
||
|
C:\Users\user\Desktop\AFWAAFRXKO\TQDGENUHWP.xlsx.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\AFWAAFRXKO\ZSSZYEFYMU.pdf.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\AIXACVYBSB.png.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\DTBZGIOOSO.mp3.killrabbit
|
OpenPGP Public Key
|
dropped
|
||
|
C:\Users\user\Desktop\DTBZGIOOSO.pdf.killrabbit
|
OpenPGP Public Key
|
dropped
|
||
|
C:\Users\user\Desktop\Excel.lnk.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\HTAGVDFUIE.mp3.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\ID_YUTPW48prqskALz7Hr5Uw82skEpcrd_[30_09_2024_10_13]_[19045-authorization].php
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\ID_YUTPW48prqskALz7Hr5Uw82skEpcrd_[30_09_2024_10_13]_[19045-authorization].php.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\ID_YUTPW48prqskALz7Hr5Uw82skEpcrd_[30_09_2024_10_13]_[19045-cabinet].php
|
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\ID_YUTPW48prqskALz7Hr5Uw82skEpcrd_[30_09_2024_10_13]_[19045-cabinet].php.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\NHPKIZUUSG.jpg.killrabbit
|
MGR bitmap, old format, 1-bit deep, 16-bit aligned
|
dropped
|
||
|
C:\Users\user\Desktop\NHPKIZUUSG.xlsx.killrabbit
|
MGR bitmap, old format, 1-bit deep, 16-bit aligned
|
dropped
|
||
|
C:\Users\user\Desktop\ONBQCLYSPU.jpg.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\TQDGENUHWP.docx.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\TQDGENUHWP.xlsx.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\TQDGENUHWP\DTBZGIOOSO.pdf.killrabbit
|
OpenPGP Public Key
|
dropped
|
||
|
C:\Users\user\Desktop\TQDGENUHWP\HTAGVDFUIE.mp3.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\TQDGENUHWP\NHPKIZUUSG.xlsx.killrabbit
|
MGR bitmap, old format, 1-bit deep, 16-bit aligned
|
dropped
|
||
|
C:\Users\user\Desktop\TQDGENUHWP\ONBQCLYSPU.jpg.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\TQDGENUHWP\TQDGENUHWP.docx.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\TQDGENUHWP\UMMBDNEQBN.png.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\UMMBDNEQBN.png.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\ZSSZYEFYMU.pdf.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\desktop.ini.killrabbit
|
COM executable for DOS
|
dropped
|
||
|
C:\Users\user\Desktop\rabbit_396521084417386.decrypt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\rabbit_396521084417386.decrypt.killrabbit
|
DOS executable (COM, 0x8C-variant)
|
dropped
|
||
|
C:\Users\user\Desktop\rabbit_396521084417386.time
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\rabbit_396521084417386.time.killrabbit
|
data
|
dropped
|
||
|
C:\Users\user\Desktop\rabbit_YUTPW48prqskALz7Hr5Uw82skEpcrd.php
|
PHP script, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\Desktop\rabbit_YUTPW48prqskALz7Hr5Uw82skEpcrd.php.killrabbit
|
data
|
dropped
|
There are 28 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://rektware16.temp.swtest.ru/
|
unknown
|
||
|
http://rektware16.temp.swtest.ru/A
|
unknown
|
||
|
http://www.wysiwygwebbuilder.com
|
unknown
|
||
|
http://rektware16.temp.swtest.ru/ID_YUTPW48prqskALz7Hr5Uw82skEpcrd_
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
39AA000
|
heap
|
page read and write
|
||
|
3DD6000
|
heap
|
page read and write
|
||
|
579000
|
stack
|
page read and write
|
||
|
38A7000
|
heap
|
page read and write
|
||
|
3DDE000
|
heap
|
page read and write
|
||
|
3EE5000
|
heap
|
page read and write
|
||
|
15A2000
|
heap
|
page read and write
|
||
|
B90000
|
unkown
|
page readonly
|
||
|
C4E000
|
unkown
|
page write copy
|
||
|
C57000
|
unkown
|
page readonly
|
||
|
3B7F000
|
heap
|
page read and write
|
||
|
3CCF000
|
heap
|
page read and write
|
||
|
108D000
|
stack
|
page read and write
|
||
|
38AE000
|
heap
|
page read and write
|
||
|
14B8000
|
heap
|
page read and write
|
||
|
38A7000
|
heap
|
page read and write
|
||
|
38A3000
|
heap
|
page read and write
|
||
|
C1F000
|
unkown
|
page readonly
|
||
|
38A9000
|
heap
|
page read and write
|
||
|
C52000
|
unkown
|
page write copy
|
||
|
38AC000
|
heap
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
3DD9000
|
heap
|
page read and write
|
||
|
349E000
|
heap
|
page read and write
|
||
|
3D81000
|
heap
|
page read and write
|
||
|
3C84000
|
heap
|
page read and write
|
||
|
985000
|
heap
|
page read and write
|
||
|
38AF000
|
heap
|
page read and write
|
||
|
38A0000
|
heap
|
page read and write
|
||
|
106E000
|
stack
|
page read and write
|
||
|
3482000
|
heap
|
page read and write
|
||
|
3B71000
|
heap
|
page read and write
|
||
|
3531000
|
heap
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
105F000
|
stack
|
page read and write
|
||
|
C4E000
|
unkown
|
page read and write
|
||
|
3EE7000
|
heap
|
page read and write
|
||
|
38A3000
|
heap
|
page read and write
|
||
|
38A3000
|
heap
|
page read and write
|
||
|
B91000
|
unkown
|
page execute read
|
||
|
152A000
|
heap
|
page read and write
|
||
|
38AD000
|
heap
|
page read and write
|
||
|
38A7000
|
heap
|
page read and write
|
||
|
3A60000
|
heap
|
page read and write
|
||
|
3968000
|
heap
|
page read and write
|
||
|
3D73000
|
heap
|
page read and write
|
||
|
38A9000
|
heap
|
page read and write
|
||
|
3505000
|
heap
|
page read and write
|
||
|
9C4000
|
heap
|
page read and write
|
||
|
3538000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
AA9000
|
heap
|
page read and write
|
||
|
38AA000
|
heap
|
page read and write
|
||
|
104F000
|
stack
|
page read and write
|
||
|
B90000
|
unkown
|
page readonly
|
||
|
3494000
|
heap
|
page read and write
|
||
|
38AE000
|
heap
|
page read and write
|
||
|
C1F000
|
unkown
|
page readonly
|
||
|
15C9000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
395A000
|
heap
|
page read and write
|
||
|
38A5000
|
heap
|
page read and write
|
||
|
38A7000
|
heap
|
page read and write
|
||
|
3A6C000
|
heap
|
page read and write
|
||
|
38A6000
|
heap
|
page read and write
|
||
|
1455000
|
heap
|
page read and write
|
||
|
1551000
|
heap
|
page read and write
|
||
|
38AF000
|
heap
|
page read and write
|
||
|
B91000
|
unkown
|
page execute read
|
||
|
144A000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
1283000
|
heap
|
page read and write
|
||
|
39AD000
|
heap
|
page read and write
|
||
|
3A5D000
|
heap
|
page read and write
|
||
|
38A3000
|
heap
|
page read and write
|
||
|
C44000
|
unkown
|
page readonly
|
||
|
1384000
|
heap
|
page read and write
|
||
|
3C76000
|
heap
|
page read and write
|
||
|
38A0000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
1377000
|
heap
|
page read and write
|
||
|
12CE000
|
heap
|
page read and write
|
||
|
3CCB000
|
heap
|
page read and write
|
||
|
153D000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
C44000
|
unkown
|
page readonly
|
||
|
1250000
|
heap
|
page read and write
|
||
|
38AB000
|
heap
|
page read and write
|
||
|
14A2000
|
heap
|
page read and write
|
||
|
15AC000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
1477000
|
heap
|
page read and write
|
||
|
38A8000
|
heap
|
page read and write
|
||
|
3E91000
|
heap
|
page read and write
|
||
|
1595000
|
heap
|
page read and write
|
||
|
39B9000
|
heap
|
page read and write
|
||
|
3ABE000
|
heap
|
page read and write
|
||
|
3D82000
|
heap
|
page read and write
|
||
|
3D90000
|
heap
|
page read and write
|
||
|
3CCF000
|
heap
|
page read and write
|
||
|
161E000
|
heap
|
page read and write
|
||
|
3CC0000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
3A6B000
|
heap
|
page read and write
|
||
|
C57000
|
unkown
|
page readonly
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
38AE000
|
heap
|
page read and write
|
||
|
3BC2000
|
heap
|
page read and write
|
||
|
38A7000
|
heap
|
page read and write
|
||
|
151F000
|
heap
|
page read and write
|
||
|
38A6000
|
heap
|
page read and write
|
||
|
3A7A000
|
heap
|
page read and write
|
||
|
38A0000
|
heap
|
page read and write
|
||
|
3964000
|
heap
|
page read and write
|
||
|
3460000
|
heap
|
page read and write
|
||
|
1369000
|
heap
|
page read and write
|
||
|
1258000
|
heap
|
page read and write
|
||
|
158B000
|
heap
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
12ED000
|
heap
|
page read and write
|
||
|
3A6E000
|
heap
|
page read and write
|
||
|
350F000
|
heap
|
page read and write
|
||
|
160C000
|
heap
|
page read and write
|
||
|
1462000
|
heap
|
page read and write
|
||
|
3E9F000
|
heap
|
page read and write
|
||
|
3BC3000
|
heap
|
page read and write
|
||
|
3956000
|
heap
|
page read and write
|
||
|
39B7000
|
heap
|
page read and write
|
||
|
3DDA000
|
heap
|
page read and write
|
||
|
38A1000
|
heap
|
page read and write
|
||
|
150B000
|
heap
|
page read and write
|
||
|
38A3000
|
heap
|
page read and write
|
There are 123 hidden memdumps, click here to show them.