Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
STlUEqhwpx.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\STlUEqhwpx.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\STlUEqhwpx.exe
|
"C:\Users\user\Desktop\STlUEqhwpx.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
#system32
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
#system32
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
165.22.194.189
|
|
||
|
https://api.ipify.org/
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/d
|
unknown
|
||
|
https://stackoverflow.com/q/14436606/23354
|
unknown
|
||
|
http://crl.micro
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
https://stackoverflow.com/q/11564914/23354;
|
unknown
|
||
|
http://ipwho.isd
|
unknown
|
||
|
https://ipwho.is
|
unknown
|
||
|
https://stackoverflow.com/q/2152978/23354sCannot
|
unknown
|
||
|
https://ipwho.is/
|
195.201.57.90
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ipwho.is
|
unknown
|
||
|
http://crl.mi
|
unknown
|
There are 4 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ipwho.is
|
195.201.57.90
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
165.22.194.189
|
unknown
|
United States
|
|
|
|
195.201.57.90
|
ipwho.is
|
Germany
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4184000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
720000
|
remote allocation
|
page execute and read and write
|
|
|
|
3111000
|
trusted library allocation
|
page read and write
|
|
|
|
3784000
|
trusted library allocation
|
page read and write
|
|
|
|
33A6000
|
trusted library allocation
|
page read and write
|
|
|
|
2781000
|
trusted library allocation
|
page read and write
|
|
|
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
614A000
|
trusted library allocation
|
page read and write
|
||
|
745000
|
heap
|
page read and write
|
||
|
335A000
|
trusted library allocation
|
page read and write
|
||
|
6193000
|
trusted library allocation
|
page read and write
|
||
|
5B00000
|
trusted library allocation
|
page read and write
|
||
|
30D0000
|
trusted library allocation
|
page read and write
|
||
|
6140000
|
trusted library allocation
|
page read and write
|
||
|
5AA0000
|
trusted library allocation
|
page read and write
|
||
|
12B4000
|
heap
|
page read and write
|
||
|
30C0000
|
trusted library allocation
|
page read and write
|
||
|
3356000
|
trusted library allocation
|
page read and write
|
||
|
5B10000
|
trusted library allocation
|
page execute and read and write
|
||
|
12D9000
|
heap
|
page read and write
|
||
|
5A70000
|
trusted library allocation
|
page read and write
|
||
|
129C000
|
heap
|
page read and write
|
||
|
33E1000
|
trusted library allocation
|
page read and write
|
||
|
56BB000
|
trusted library allocation
|
page read and write
|
||
|
1271000
|
heap
|
page read and write
|
||
|
5ADA000
|
trusted library allocation
|
page read and write
|
||
|
5595000
|
trusted library allocation
|
page read and write
|
||
|
1647000
|
trusted library allocation
|
page execute and read and write
|
||
|
6288000
|
trusted library allocation
|
page read and write
|
||
|
5710000
|
heap
|
page execute and read and write
|
||
|
6310000
|
trusted library allocation
|
page read and write
|
||
|
6240000
|
trusted library allocation
|
page read and write
|
||
|
5A50000
|
trusted library allocation
|
page read and write
|
||
|
30E0000
|
trusted library allocation
|
page read and write
|
||
|
6150000
|
trusted library allocation
|
page read and write
|
||
|
5931000
|
heap
|
page read and write
|
||
|
61C0000
|
trusted library allocation
|
page read and write
|
||
|
333F000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
trusted library allocation
|
page read and write
|
||
|
23FA000
|
trusted library allocation
|
page execute and read and write
|
||
|
6679000
|
stack
|
page read and write
|
||
|
1632000
|
trusted library allocation
|
page read and write
|
||
|
2570000
|
trusted library allocation
|
page execute and read and write
|
||
|
1642000
|
trusted library allocation
|
page read and write
|
||
|
12000
|
unkown
|
page readonly
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
5550000
|
trusted library allocation
|
page read and write
|
||
|
6160000
|
trusted library allocation
|
page read and write
|
||
|
5A80000
|
trusted library allocation
|
page execute and read and write
|
||
|
3506000
|
trusted library allocation
|
page read and write
|
||
|
61F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1640000
|
trusted library allocation
|
page read and write
|
||
|
77FE000
|
stack
|
page read and write
|
||
|
5A40000
|
trusted library allocation
|
page read and write
|
||
|
4111000
|
trusted library allocation
|
page read and write
|
||
|
7780000
|
trusted library allocation
|
page read and write
|
||
|
5A60000
|
trusted library allocation
|
page read and write
|
||
|
6300000
|
trusted library allocation
|
page read and write
|
||
|
5AB0000
|
trusted library allocation
|
page read and write
|
||
|
1670000
|
heap
|
page read and write
|
||
|
657C000
|
stack
|
page read and write
|
||
|
5AE0000
|
trusted library allocation
|
page read and write
|
||
|
5590000
|
trusted library allocation
|
page read and write
|
||
|
6191000
|
trusted library allocation
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
DBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3100000
|
heap
|
page execute and read and write
|
||
|
763E000
|
stack
|
page read and write
|
||
|
62A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3080000
|
trusted library allocation
|
page read and write
|
||
|
33A2000
|
trusted library allocation
|
page read and write
|
||
|
6260000
|
trusted library allocation
|
page execute and read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
6740000
|
heap
|
page read and write
|
||
|
643E000
|
stack
|
page read and write
|
||
|
55EF000
|
trusted library allocation
|
page read and write
|
||
|
4117000
|
trusted library allocation
|
page read and write
|
||
|
ABD000
|
stack
|
page read and write
|
||
|
66BE000
|
stack
|
page read and write
|
||
|
5670000
|
trusted library allocation
|
page read and write
|
||
|
55A0000
|
trusted library allocation
|
page read and write
|
||
|
350B000
|
trusted library allocation
|
page read and write
|
||
|
84E000
|
heap
|
page read and write
|
||
|
5B05000
|
trusted library allocation
|
page read and write
|
||
|
55D3000
|
heap
|
page read and write
|
||
|
59D1000
|
trusted library allocation
|
page read and write
|
||
|
673E000
|
stack
|
page read and write
|
||
|
164B000
|
trusted library allocation
|
page execute and read and write
|
||
|
30B5000
|
trusted library allocation
|
page read and write
|
||
|
1185000
|
heap
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
6200000
|
trusted library allocation
|
page read and write
|
||
|
867000
|
heap
|
page read and write
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
59B0000
|
trusted library allocation
|
page read and write
|
||
|
DC4000
|
trusted library allocation
|
page read and write
|
||
|
246E000
|
stack
|
page read and write
|
||
|
332A000
|
trusted library allocation
|
page read and write
|
||
|
12A8000
|
heap
|
page read and write
|
||
|
6E34000
|
heap
|
page read and write
|
||
|
33DD000
|
trusted library allocation
|
page read and write
|
||
|
753D000
|
stack
|
page read and write
|
||
|
6F9000
|
stack
|
page read and write
|
||
|
557C000
|
trusted library allocation
|
page read and write
|
||
|
5A30000
|
trusted library allocation
|
page read and write
|
||
|
6170000
|
trusted library allocation
|
page read and write
|
||
|
DC9000
|
stack
|
page read and write
|
||
|
2407000
|
trusted library allocation
|
page execute and read and write
|
||
|
61E0000
|
trusted library allocation
|
page read and write
|
||
|
6230000
|
trusted library allocation
|
page read and write
|
||
|
59C0000
|
trusted library allocation
|
page read and write
|
||
|
240B000
|
trusted library allocation
|
page execute and read and write
|
||
|
717D000
|
stack
|
page read and write
|
||
|
777E000
|
stack
|
page read and write
|
||
|
6195000
|
trusted library allocation
|
page read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
DB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DE3000
|
heap
|
page read and write
|
||
|
2E68000
|
trusted library allocation
|
page read and write
|
||
|
5576000
|
trusted library allocation
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
150D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
3781000
|
trusted library allocation
|
page read and write
|
||
|
305F000
|
stack
|
page read and write
|
||
|
61A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A20000
|
trusted library allocation
|
page execute and read and write
|
||
|
10000
|
unkown
|
page readonly
|
||
|
1503000
|
trusted library allocation
|
page execute and read and write
|
||
|
5AC0000
|
trusted library allocation
|
page read and write
|
||
|
3363000
|
trusted library allocation
|
page read and write
|
||
|
5650000
|
trusted library allocation
|
page read and write
|
||
|
4CE0000
|
heap
|
page execute and read and write
|
||
|
4137000
|
trusted library allocation
|
page read and write
|
||
|
59E0000
|
trusted library allocation
|
page read and write
|
||
|
30F0000
|
trusted library allocation
|
page read and write
|
||
|
793E000
|
stack
|
page read and write
|
||
|
5610000
|
heap
|
page read and write
|
||
|
6E2E000
|
heap
|
page read and write
|
||
|
593E000
|
heap
|
page read and write
|
||
|
3347000
|
trusted library allocation
|
page read and write
|
||
|
5ADD000
|
trusted library allocation
|
page read and write
|
||
|
163A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A90000
|
trusted library allocation
|
page read and write
|
||
|
73BF000
|
stack
|
page read and write
|
||
|
6180000
|
trusted library allocation
|
page read and write
|
||
|
DB4000
|
trusted library allocation
|
page read and write
|
||
|
620D000
|
trusted library allocation
|
page read and write
|
||
|
2793000
|
trusted library allocation
|
page read and write
|
||
|
848000
|
heap
|
page read and write
|
||
|
6D80000
|
heap
|
page read and write
|
||
|
7F8D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B80000
|
trusted library allocation
|
page read and write
|
||
|
1676000
|
heap
|
page read and write
|
||
|
72BE000
|
stack
|
page read and write
|
||
|
2770000
|
heap
|
page execute and read and write
|
||
|
1504000
|
trusted library allocation
|
page read and write
|
||
|
86B000
|
heap
|
page read and write
|
||
|
A7F000
|
stack
|
page read and write
|
||
|
3326000
|
trusted library allocation
|
page read and write
|
||
|
56C0000
|
heap
|
page read and write
|
||
|
151D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5AD0000
|
trusted library allocation
|
page read and write
|
||
|
5B70000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
3509000
|
trusted library allocation
|
page read and write
|
||
|
5A10000
|
trusted library allocation
|
page read and write
|
||
|
126E000
|
heap
|
page read and write
|
||
|
1630000
|
trusted library allocation
|
page read and write
|
||
|
3366000
|
trusted library allocation
|
page read and write
|
||
|
61D0000
|
trusted library allocation
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
767E000
|
stack
|
page read and write
|
||
|
1130000
|
heap
|
page read and write
|
||
|
1660000
|
trusted library allocation
|
page read and write
|
||
|
6EBE000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
61B0000
|
trusted library allocation
|
page read and write
|
||
|
58B0000
|
heap
|
page read and write
|
||
|
5630000
|
trusted library allocation
|
page execute and read and write
|
||
|
6270000
|
trusted library allocation
|
page read and write
|
||
|
2580000
|
trusted library allocation
|
page read and write
|
||
|
6250000
|
trusted library allocation
|
page read and write
|
||
|
5AAC000
|
trusted library allocation
|
page read and write
|
||
|
5A00000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
trusted library allocation
|
page read and write
|
||
|
1220000
|
trusted library allocation
|
page read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
1636000
|
trusted library allocation
|
page execute and read and write
|
||
|
2420000
|
trusted library allocation
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
3197000
|
trusted library allocation
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
7C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
123B000
|
heap
|
page read and write
|
||
|
23F0000
|
trusted library allocation
|
page read and write
|
||
|
62E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
2400000
|
trusted library allocation
|
page read and write
|
||
|
7790000
|
heap
|
page execute and read and write
|
||
|
56A0000
|
trusted library allocation
|
page read and write
|
||
|
411D000
|
trusted library allocation
|
page read and write
|
||
|
520E000
|
stack
|
page read and write
|
||
|
5AF0000
|
trusted library allocation
|
page read and write
|
||
|
56DE000
|
trusted library allocation
|
page read and write
|
||
|
5680000
|
trusted library allocation
|
page execute and read and write
|
||
|
25A0000
|
heap
|
page read and write
|
||
|
596D000
|
heap
|
page read and write
|
||
|
10F8000
|
stack
|
page read and write
|
||
|
6210000
|
trusted library allocation
|
page read and write
|
||
|
5977000
|
heap
|
page read and write
|
||
|
256E000
|
stack
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
5963000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
59F0000
|
trusted library allocation
|
page read and write
|
||
|
3CC000
|
stack
|
page read and write
|
||
|
66FD000
|
stack
|
page read and write
|
||
|
653E000
|
stack
|
page read and write
|
||
|
6750000
|
trusted library allocation
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
4127000
|
trusted library allocation
|
page read and write
|
||
|
12A4000
|
heap
|
page read and write
|
||
|
268D000
|
stack
|
page read and write
|
||
|
727D000
|
stack
|
page read and write
|
||
|
6177000
|
trusted library allocation
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
350D000
|
trusted library allocation
|
page read and write
|
||
|
592F000
|
heap
|
page read and write
|
||
|
5926000
|
heap
|
page read and write
|
||
|
1513000
|
trusted library allocation
|
page read and write
|
||
|
1264000
|
heap
|
page read and write
|
||
|
487E000
|
stack
|
page read and write
|
||
|
707E000
|
stack
|
page read and write
|
||
|
883000
|
heap
|
page read and write
|
||
|
6220000
|
trusted library allocation
|
page read and write
|
There are 231 hidden memdumps, click here to show them.