Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
YiWuyX184J.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\YiWuyX184J.exe.log
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\Users\user\AppData\Roaming\server.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\server.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\YiWuyX184J.exe
|
"C:\Users\user\Desktop\YiWuyX184J.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\server.exe
|
"C:\Users\user\AppData\Roaming\server.exe"
|
|
|
|
C:\Windows\SysWOW64\netsh.exe
|
netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\server.exe" "server.exe" ENABLE
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
0.tcp.eu.ngrok.io
|
3.74.27.83
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
18.192.31.30
|
unknown
|
United States
|
|
|
|
3.74.27.83
|
0.tcp.eu.ngrok.io
|
United States
|
|
|
|
18.153.198.123
|
unknown
|
United States
|
|
|
|
52.57.120.10
|
unknown
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER
|
di
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
D92000
|
unkown
|
page readonly
|
|
|
|
5F4000
|
stack
|
page read and write
|
||
|
4F09000
|
heap
|
page read and write
|
||
|
C69000
|
heap
|
page read and write
|
||
|
C1C000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
BBF000
|
heap
|
page read and write
|
||
|
1430000
|
heap
|
page read and write
|
||
|
17C0000
|
heap
|
page read and write
|
||
|
4F06000
|
heap
|
page read and write
|
||
|
C02000
|
heap
|
page read and write
|
||
|
5C20000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC8000
|
heap
|
page read and write
|
||
|
103B000
|
stack
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
C19000
|
heap
|
page read and write
|
||
|
BC9000
|
heap
|
page read and write
|
||
|
C09000
|
heap
|
page read and write
|
||
|
BA7000
|
heap
|
page read and write
|
||
|
7F480000
|
trusted library allocation
|
page execute and read and write
|
||
|
17C6000
|
heap
|
page read and write
|
||
|
1235000
|
heap
|
page read and write
|
||
|
3361000
|
trusted library allocation
|
page read and write
|
||
|
C04000
|
heap
|
page read and write
|
||
|
158C000
|
trusted library allocation
|
page execute and read and write
|
||
|
C15000
|
heap
|
page read and write
|
||
|
4361000
|
trusted library allocation
|
page read and write
|
||
|
1990000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F09000
|
heap
|
page read and write
|
||
|
C12000
|
heap
|
page read and write
|
||
|
BB8000
|
heap
|
page read and write
|
||
|
C06000
|
heap
|
page read and write
|
||
|
1425000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
1740000
|
trusted library allocation
|
page read and write
|
||
|
156E000
|
heap
|
page read and write
|
||
|
179B000
|
trusted library allocation
|
page execute and read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
5FB000
|
stack
|
page read and write
|
||
|
C06000
|
heap
|
page read and write
|
||
|
576C000
|
stack
|
page read and write
|
||
|
595E000
|
stack
|
page read and write
|
||
|
1136000
|
stack
|
page read and write
|
||
|
C0C000
|
heap
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
13A9000
|
heap
|
page read and write
|
||
|
1762000
|
trusted library allocation
|
page execute and read and write
|
||
|
9BE000
|
unkown
|
page read and write
|
||
|
5FBE000
|
stack
|
page read and write
|
||
|
BE3000
|
heap
|
page read and write
|
||
|
BDD000
|
heap
|
page read and write
|
||
|
BB8000
|
heap
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
3515000
|
trusted library allocation
|
page read and write
|
||
|
C01000
|
heap
|
page read and write
|
||
|
5540000
|
trusted library allocation
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
4F06000
|
heap
|
page read and write
|
||
|
11EE000
|
stack
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
15D1000
|
heap
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
60BE000
|
stack
|
page read and write
|
||
|
C12000
|
heap
|
page read and write
|
||
|
4EE6000
|
heap
|
page read and write
|
||
|
1421000
|
heap
|
page read and write
|
||
|
C12000
|
heap
|
page read and write
|
||
|
1870000
|
trusted library allocation
|
page read and write
|
||
|
565E000
|
stack
|
page read and write
|
||
|
34FB000
|
trusted library allocation
|
page read and write
|
||
|
946000
|
heap
|
page read and write
|
||
|
5CA0000
|
heap
|
page read and write
|
||
|
572B000
|
stack
|
page read and write
|
||
|
4EDF000
|
heap
|
page read and write
|
||
|
BC6000
|
heap
|
page read and write
|
||
|
1444000
|
heap
|
page read and write
|
||
|
38A6000
|
trusted library allocation
|
page read and write
|
||
|
176A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5550000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E1F000
|
stack
|
page read and write
|
||
|
C1D000
|
heap
|
page read and write
|
||
|
C01000
|
heap
|
page read and write
|
||
|
BCB000
|
heap
|
page read and write
|
||
|
1782000
|
trusted library allocation
|
page execute and read and write
|
||
|
C6D000
|
heap
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
C15000
|
heap
|
page read and write
|
||
|
1746000
|
trusted library allocation
|
page read and write
|
||
|
C01000
|
heap
|
page read and write
|
||
|
5B9E000
|
stack
|
page read and write
|
||
|
122D000
|
stack
|
page read and write
|
||
|
5D1E000
|
stack
|
page read and write
|
||
|
5F5C000
|
stack
|
page read and write
|
||
|
C64000
|
heap
|
page read and write
|
||
|
C1A000
|
heap
|
page read and write
|
||
|
178A000
|
trusted library allocation
|
page execute and read and write
|
||
|
C11000
|
heap
|
page read and write
|
||
|
1797000
|
trusted library allocation
|
page execute and read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
C6D000
|
heap
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
C14000
|
heap
|
page read and write
|
||
|
4F06000
|
heap
|
page read and write
|
||
|
13BF000
|
heap
|
page read and write
|
||
|
BA3000
|
heap
|
page read and write
|
||
|
BBC000
|
heap
|
page read and write
|
||
|
BCA000
|
heap
|
page read and write
|
||
|
1770000
|
trusted library allocation
|
page read and write
|
||
|
C0D000
|
heap
|
page read and write
|
||
|
5810000
|
trusted library allocation
|
page execute and read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
16DE000
|
stack
|
page read and write
|
||
|
1599000
|
heap
|
page read and write
|
||
|
57AD000
|
stack
|
page read and write
|
||
|
BE3000
|
heap
|
page read and write
|
||
|
4EE7000
|
heap
|
page read and write
|
||
|
C17000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
1139000
|
stack
|
page read and write
|
||
|
4F0A000
|
heap
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
171E000
|
stack
|
page read and write
|
||
|
5CDF000
|
stack
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
C6E000
|
heap
|
page read and write
|
||
|
BC1000
|
heap
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
4F07000
|
heap
|
page read and write
|
||
|
C62000
|
heap
|
page read and write
|
||
|
1870000
|
heap
|
page read and write
|
||
|
44C1000
|
trusted library allocation
|
page read and write
|
||
|
C0C000
|
heap
|
page read and write
|
||
|
C1B000
|
heap
|
page read and write
|
||
|
5BDE000
|
stack
|
page read and write
|
||
|
FF6000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
15BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
BC6000
|
heap
|
page read and write
|
||
|
EF9000
|
stack
|
page read and write
|
||
|
C0E000
|
heap
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
553E000
|
stack
|
page read and write
|
||
|
1752000
|
trusted library allocation
|
page execute and read and write
|
||
|
182E000
|
stack
|
page read and write
|
||
|
4F08000
|
heap
|
page read and write
|
||
|
1388000
|
heap
|
page read and write
|
||
|
BC8000
|
heap
|
page read and write
|
||
|
4EDF000
|
heap
|
page read and write
|
||
|
C15000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
137A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1720000
|
heap
|
page read and write
|
||
|
4ED6000
|
heap
|
page read and write
|
||
|
BAE000
|
heap
|
page read and write
|
||
|
4FB000
|
stack
|
page read and write
|
||
|
56EC000
|
stack
|
page read and write
|
||
|
C63000
|
heap
|
page read and write
|
||
|
BDE000
|
heap
|
page read and write
|
||
|
BA2000
|
heap
|
page read and write
|
||
|
58AE000
|
stack
|
page read and write
|
||
|
5830000
|
unclassified section
|
page read and write
|
||
|
C14000
|
heap
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
4F06000
|
heap
|
page read and write
|
||
|
C19000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
5CB0000
|
heap
|
page read and write
|
||
|
19D0000
|
heap
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
BC8000
|
heap
|
page read and write
|
||
|
172E000
|
stack
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
54C8000
|
trusted library allocation
|
page read and write
|
||
|
157E000
|
stack
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
C0A000
|
heap
|
page read and write
|
||
|
186C000
|
stack
|
page read and write
|
||
|
1777000
|
trusted library allocation
|
page execute and read and write
|
||
|
BBF000
|
heap
|
page read and write
|
||
|
138E000
|
stack
|
page read and write
|
||
|
C12000
|
heap
|
page read and write
|
||
|
153A000
|
heap
|
page read and write
|
||
|
158A000
|
trusted library allocation
|
page execute and read and write
|
||
|
C6C000
|
heap
|
page read and write
|
||
|
C05000
|
heap
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
153E000
|
heap
|
page read and write
|
||
|
177A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1760000
|
trusted library allocation
|
page read and write
|
||
|
BBD000
|
heap
|
page read and write
|
||
|
1150000
|
heap
|
page read and write
|
||
|
138E000
|
heap
|
page read and write
|
||
|
198F000
|
stack
|
page read and write
|
||
|
17E0000
|
heap
|
page read and write
|
||
|
C0D000
|
heap
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
10AE000
|
stack
|
page read and write
|
||
|
BDF000
|
heap
|
page read and write
|
||
|
C64000
|
heap
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
1530000
|
heap
|
page read and write
|
||
|
1880000
|
heap
|
page execute and read and write
|
||
|
4EDF000
|
heap
|
page read and write
|
||
|
4EDC000
|
heap
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
12EF000
|
stack
|
page read and write
|
||
|
1360000
|
trusted library allocation
|
page read and write
|
||
|
BC4000
|
heap
|
page read and write
|
||
|
5E5C000
|
stack
|
page read and write
|
||
|
C0C000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
C11000
|
heap
|
page read and write
|
||
|
C6D000
|
heap
|
page read and write
|
||
|
BA4000
|
heap
|
page read and write
|
||
|
ABF000
|
unkown
|
page read and write
|
||
|
C06000
|
heap
|
page read and write
|
||
|
15A2000
|
trusted library allocation
|
page execute and read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
BC4000
|
heap
|
page read and write
|
||
|
4ED0000
|
heap
|
page read and write
|
||
|
D9C000
|
unkown
|
page readonly
|
||
|
5560000
|
trusted library allocation
|
page read and write
|
||
|
4EDF000
|
heap
|
page read and write
|
||
|
15B0000
|
trusted library allocation
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
1372000
|
trusted library allocation
|
page execute and read and write
|
||
|
11DE000
|
stack
|
page read and write
|
||
|
4ECF000
|
stack
|
page read and write
|
||
|
BE1000
|
heap
|
page read and write
|
||
|
5823000
|
heap
|
page read and write
|
||
|
19C0000
|
trusted library allocation
|
page read and write
|
||
|
BB8000
|
heap
|
page read and write
|
||
|
5A5E000
|
stack
|
page read and write
|
||
|
5D60000
|
heap
|
page read and write
|
||
|
D90000
|
unkown
|
page readonly
|
||
|
1750000
|
heap
|
page execute and read and write
|
||
|
BBB000
|
heap
|
page read and write
|
||
|
BBE000
|
heap
|
page read and write
|
||
|
C41000
|
heap
|
page read and write
|
||
|
BDD000
|
heap
|
page read and write
|
||
|
4ED6000
|
heap
|
page read and write
|
||
|
13ED000
|
heap
|
page read and write
|
||
|
175A000
|
trusted library allocation
|
page execute and read and write
|
||
|
C06000
|
heap
|
page read and write
|
||
|
C06000
|
heap
|
page read and write
|
||
|
C0C000
|
heap
|
page read and write
|
||
|
5820000
|
heap
|
page read and write
|
||
|
BCB000
|
heap
|
page read and write
|
||
|
4EDA000
|
heap
|
page read and write
|
||
|
5A9E000
|
stack
|
page read and write
|
||
|
4ED5000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
57A9000
|
stack
|
page read and write
|
||
|
1582000
|
trusted library allocation
|
page execute and read and write
|
||
|
15B7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1790000
|
trusted library allocation
|
page read and write
|
||
|
1792000
|
trusted library allocation
|
page read and write
|
||
|
34C1000
|
trusted library allocation
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
B7A000
|
heap
|
page read and write
|
||
|
56C0000
|
heap
|
page read and write
|
||
|
4EEA000
|
heap
|
page read and write
|
||
|
4ED1000
|
heap
|
page read and write
|
||
|
4ED1000
|
heap
|
page read and write
|
||
|
C65000
|
heap
|
page read and write
|
||
|
4EDF000
|
heap
|
page read and write
|
||
|
C17000
|
heap
|
page read and write
|
||
|
1580000
|
trusted library allocation
|
page read and write
|
||
|
15FA000
|
heap
|
page read and write
|
||
|
185E000
|
stack
|
page read and write
|
||
|
19A0000
|
trusted library allocation
|
page read and write
|
||
|
543E000
|
stack
|
page read and write
|
||
|
BDF000
|
heap
|
page read and write
|
||
|
C67000
|
heap
|
page read and write
|
There are 265 hidden memdumps, click here to show them.