Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
172771704470d2405c797286a7d66ed6085690f2346b0873f84a2d4bbbbfed17373d12cd4f758.dat-decoded.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\172771704470d2405c797286a7d66ed6085690f2346b0873f84a2d4bbbbfed17373d12cd4f758.dat-decoded.exe
|
"C:\Users\user\Desktop\172771704470d2405c797286a7d66ed6085690f2346b0873f84a2d4bbbbfed17373d12cd4f758.dat-decoded.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
)8"zc
|
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dczas.duckdns.org
|
89.117.23.22
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
89.117.23.22
|
dczas.duckdns.org
|
Lithuania
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\ActiveMovie\devenum 64-bit
|
Version
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
30D1000
|
trusted library allocation
|
page read and write
|
|
|
|
3156000
|
trusted library allocation
|
page read and write
|
|
|
|
DD2000
|
unkown
|
page readonly
|
|
|
|
1244000
|
heap
|
page read and write
|
||
|
1BCAE000
|
heap
|
page read and write
|
||
|
340C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page execute and read and write
|
||
|
1790000
|
heap
|
page execute and read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page execute and read and write
|
||
|
17B5000
|
heap
|
page read and write
|
||
|
314E000
|
trusted library allocation
|
page read and write
|
||
|
1C7AA000
|
stack
|
page read and write
|
||
|
1BA70000
|
heap
|
page read and write
|
||
|
1BBE1000
|
heap
|
page read and write
|
||
|
7FFD9B78C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B826000
|
trusted library allocation
|
page read and write
|
||
|
33F5000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
1BB57000
|
heap
|
page read and write
|
||
|
1350000
|
heap
|
page read and write
|
||
|
1BA1E000
|
stack
|
page read and write
|
||
|
1BB22000
|
heap
|
page read and write
|
||
|
1191000
|
heap
|
page read and write
|
||
|
1B65D000
|
stack
|
page read and write
|
||
|
313E000
|
trusted library allocation
|
page read and write
|
||
|
313B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B830000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
3403000
|
trusted library allocation
|
page read and write
|
||
|
312F000
|
trusted library allocation
|
page read and write
|
||
|
1134000
|
stack
|
page read and write
|
||
|
7FFD9B856000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BB85000
|
heap
|
page read and write
|
||
|
11CE000
|
heap
|
page read and write
|
||
|
1BB89000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
1BC00000
|
heap
|
page read and write
|
||
|
340A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BBD1000
|
heap
|
page read and write
|
||
|
3407000
|
trusted library allocation
|
page read and write
|
||
|
33EE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
1183000
|
heap
|
page read and write
|
||
|
314A000
|
trusted library allocation
|
page read and write
|
||
|
13B5000
|
heap
|
page read and write
|
||
|
312D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B82C000
|
trusted library allocation
|
page execute and read and write
|
||
|
3154000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79B000
|
trusted library allocation
|
page execute and read and write
|
||
|
125B000
|
heap
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
3410000
|
trusted library allocation
|
page read and write
|
||
|
DDE000
|
unkown
|
page readonly
|
||
|
7FF409470000
|
trusted library allocation
|
page execute and read and write
|
||
|
305E000
|
stack
|
page read and write
|
||
|
1720000
|
trusted library allocation
|
page read and write
|
||
|
130DE000
|
trusted library allocation
|
page read and write
|
||
|
116C000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page read and write
|
||
|
1BBBC000
|
heap
|
page read and write
|
||
|
1BB70000
|
heap
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BB4D000
|
heap
|
page read and write
|
||
|
1BB55000
|
heap
|
page read and write
|
||
|
1BB6D000
|
heap
|
page read and write
|
||
|
1C06F000
|
stack
|
page read and write
|
||
|
DD0000
|
unkown
|
page readonly
|
||
|
3120000
|
trusted library allocation
|
page read and write
|
||
|
1175000
|
heap
|
page read and write
|
||
|
15BD000
|
stack
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
7FFD9B783000
|
trusted library allocation
|
page read and write
|
||
|
314C000
|
trusted library allocation
|
page read and write
|
||
|
1BB96000
|
heap
|
page read and write
|
||
|
1C8AD000
|
stack
|
page read and write
|
||
|
3146000
|
trusted library allocation
|
page read and write
|
||
|
1BBE5000
|
heap
|
page read and write
|
||
|
1B9DE000
|
stack
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
1C6AB000
|
stack
|
page read and write
|
||
|
17B0000
|
heap
|
page read and write
|
||
|
DD0000
|
unkown
|
page readonly
|
||
|
130D1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B100000
|
trusted library allocation
|
page read and write
|
||
|
3139000
|
trusted library allocation
|
page read and write
|
||
|
1BA60000
|
heap
|
page execute and read and write
|
||
|
1BC05000
|
heap
|
page read and write
|
||
|
1CAAC000
|
stack
|
page read and write
|
||
|
1723000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
118A000
|
heap
|
page read and write
|
||
|
1BE6E000
|
stack
|
page read and write
|
||
|
11A1000
|
heap
|
page read and write
|
||
|
16BC000
|
stack
|
page read and write
|
||
|
1C36D000
|
stack
|
page read and write
|
||
|
1BB99000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BF6E000
|
stack
|
page read and write
|
||
|
1710000
|
trusted library allocation
|
page read and write
|
||
|
3141000
|
trusted library allocation
|
page read and write
|
||
|
1BBB6000
|
heap
|
page read and write
|
||
|
16F0000
|
trusted library allocation
|
page read and write
|
||
|
11A4000
|
heap
|
page read and write
|
||
|
1C46D000
|
stack
|
page read and write
|
||
|
14BE000
|
stack
|
page read and write
|
||
|
1B458000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
3144000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B890000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C16E000
|
stack
|
page read and write
|
There are 106 hidden memdumps, click here to show them.