Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
V9fubyadY6.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\V9fubyadY6.exe.log
|
CSV text
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\V9fubyadY6.exe
|
"C:\Users\user\Desktop\V9fubyadY6.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
#system32
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
#system32
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
#system32
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
164.90.236.65
|
|
||
|
https://api.ipify.org/
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/d
|
unknown
|
||
|
https://stackoverflow.com/q/14436606/23354
|
unknown
|
||
|
https://stackoverflow.com/q/2152978/23354sCannot
|
unknown
|
||
|
https://ipwho.is/
|
195.201.57.90
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ipwho.is
|
unknown
|
||
|
https://stackoverflow.com/q/11564914/23354;
|
unknown
|
||
|
http://ipwho.isd
|
unknown
|
||
|
https://ipwho.is
|
unknown
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ipwho.is
|
195.201.57.90
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
164.90.236.65
|
unknown
|
United States
|
|
|
|
195.201.57.90
|
ipwho.is
|
Germany
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3754000
|
trusted library allocation
|
page read and write
|
|
|
|
2CA1000
|
trusted library allocation
|
page read and write
|
|
|
|
720000
|
remote allocation
|
page execute and read and write
|
|
|
|
2F36000
|
trusted library allocation
|
page read and write
|
|
|
|
4154000
|
trusted library allocation
|
page read and write
|
|
|
|
2751000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
6170000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E0000
|
trusted library allocation
|
page read and write
|
||
|
2AC2000
|
trusted library allocation
|
page read and write
|
||
|
2C80000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B2E000
|
stack
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
552B000
|
trusted library allocation
|
page read and write
|
||
|
252E000
|
stack
|
page read and write
|
||
|
A38000
|
heap
|
page read and write
|
||
|
A00000
|
trusted library allocation
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
564E000
|
trusted library allocation
|
page read and write
|
||
|
309F000
|
trusted library allocation
|
page read and write
|
||
|
2B6E000
|
stack
|
page read and write
|
||
|
E46000
|
heap
|
page read and write
|
||
|
4CA8000
|
trusted library allocation
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
5609000
|
heap
|
page read and write
|
||
|
5730000
|
trusted library allocation
|
page read and write
|
||
|
FD1000
|
heap
|
page read and write
|
||
|
523C000
|
trusted library allocation
|
page read and write
|
||
|
5FA0000
|
trusted library allocation
|
page read and write
|
||
|
60F0000
|
trusted library allocation
|
page read and write
|
||
|
274F000
|
stack
|
page read and write
|
||
|
6100000
|
trusted library allocation
|
page read and write
|
||
|
F23000
|
trusted library allocation
|
page execute and read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
2640000
|
heap
|
page execute and read and write
|
||
|
2580000
|
trusted library allocation
|
page read and write
|
||
|
5FB0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
5E26000
|
heap
|
page read and write
|
||
|
640F000
|
stack
|
page read and write
|
||
|
F0000
|
unkown
|
page readonly
|
||
|
5530000
|
heap
|
page read and write
|
||
|
2ACB000
|
trusted library allocation
|
page execute and read and write
|
||
|
5690000
|
trusted library allocation
|
page read and write
|
||
|
F24000
|
trusted library allocation
|
page read and write
|
||
|
2ED7000
|
trusted library allocation
|
page read and write
|
||
|
658D000
|
stack
|
page read and write
|
||
|
6050000
|
trusted library allocation
|
page read and write
|
||
|
A3E000
|
heap
|
page read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
4BC0000
|
heap
|
page read and write
|
||
|
2EE6000
|
trusted library allocation
|
page read and write
|
||
|
F33000
|
trusted library allocation
|
page read and write
|
||
|
5710000
|
trusted library allocation
|
page read and write
|
||
|
6140000
|
trusted library allocation
|
page read and write
|
||
|
F74000
|
heap
|
page read and write
|
||
|
3096000
|
trusted library allocation
|
page read and write
|
||
|
5210000
|
trusted library allocation
|
page read and write
|
||
|
2EF6000
|
trusted library allocation
|
page read and write
|
||
|
71FD000
|
stack
|
page read and write
|
||
|
7F5B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5270000
|
trusted library allocation
|
page read and write
|
||
|
F81000
|
heap
|
page read and write
|
||
|
5770000
|
trusted library allocation
|
page read and write
|
||
|
5750000
|
trusted library allocation
|
page execute and read and write
|
||
|
24E0000
|
trusted library allocation
|
page read and write
|
||
|
2F32000
|
trusted library allocation
|
page read and write
|
||
|
9F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DEE000
|
stack
|
page read and write
|
||
|
5F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
644C000
|
stack
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
6549000
|
stack
|
page read and write
|
||
|
4CE0000
|
heap
|
page execute and read and write
|
||
|
905000
|
heap
|
page read and write
|
||
|
57B0000
|
trusted library allocation
|
page read and write
|
||
|
2EB6000
|
trusted library allocation
|
page read and write
|
||
|
2AC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
F4B000
|
heap
|
page read and write
|
||
|
5E22000
|
heap
|
page read and write
|
||
|
2ECF000
|
trusted library allocation
|
page read and write
|
||
|
2590000
|
heap
|
page read and write
|
||
|
2B70000
|
heap
|
page execute and read and write
|
||
|
55FC000
|
heap
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
FD5000
|
heap
|
page read and write
|
||
|
2AB2000
|
trusted library allocation
|
page read and write
|
||
|
A5B000
|
heap
|
page read and write
|
||
|
C2E000
|
stack
|
page read and write
|
||
|
3CA1000
|
trusted library allocation
|
page read and write
|
||
|
256E000
|
stack
|
page read and write
|
||
|
2AB0000
|
trusted library allocation
|
page read and write
|
||
|
2ABA000
|
trusted library allocation
|
page execute and read and write
|
||
|
5F85000
|
trusted library allocation
|
page read and write
|
||
|
56F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2D27000
|
trusted library allocation
|
page read and write
|
||
|
51D0000
|
trusted library allocation
|
page read and write
|
||
|
B98000
|
stack
|
page read and write
|
||
|
56D0000
|
trusted library allocation
|
page read and write
|
||
|
55C0000
|
heap
|
page read and write
|
||
|
6130000
|
trusted library allocation
|
page execute and read and write
|
||
|
6010000
|
trusted library allocation
|
page read and write
|
||
|
5EAD000
|
heap
|
page read and write
|
||
|
52B0000
|
trusted library allocation
|
page read and write
|
||
|
5DE6000
|
heap
|
page read and write
|
||
|
5280000
|
trusted library allocation
|
page read and write
|
||
|
6065000
|
trusted library allocation
|
page read and write
|
||
|
72FE000
|
stack
|
page read and write
|
||
|
309D000
|
trusted library allocation
|
page read and write
|
||
|
EC0000
|
heap
|
page read and write
|
||
|
4B90000
|
heap
|
page read and write
|
||
|
71B0000
|
heap
|
page read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
75FE000
|
stack
|
page read and write
|
||
|
7450000
|
trusted library allocation
|
page read and write
|
||
|
F20000
|
trusted library allocation
|
page read and write
|
||
|
6CAD000
|
stack
|
page read and write
|
||
|
6158000
|
trusted library allocation
|
page read and write
|
||
|
5260000
|
trusted library allocation
|
page read and write
|
||
|
FA7000
|
heap
|
page read and write
|
||
|
6063000
|
trusted library allocation
|
page read and write
|
||
|
F3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
577C000
|
trusted library allocation
|
page read and write
|
||
|
309B000
|
trusted library allocation
|
page read and write
|
||
|
733E000
|
stack
|
page read and write
|
||
|
2EF3000
|
trusted library allocation
|
page read and write
|
||
|
F2000
|
unkown
|
page readonly
|
||
|
6047000
|
trusted library allocation
|
page read and write
|
||
|
A71000
|
heap
|
page read and write
|
||
|
5760000
|
trusted library allocation
|
page read and write
|
||
|
6020000
|
trusted library allocation
|
page read and write
|
||
|
79AE000
|
stack
|
page read and write
|
||
|
3099000
|
trusted library allocation
|
page read and write
|
||
|
7600000
|
heap
|
page execute and read and write
|
||
|
60E0000
|
trusted library allocation
|
page read and write
|
||
|
6120000
|
trusted library allocation
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
706F000
|
stack
|
page read and write
|
||
|
61B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
61C0000
|
trusted library allocation
|
page read and write
|
||
|
6090000
|
trusted library allocation
|
page read and write
|
||
|
3751000
|
trusted library allocation
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
5300000
|
trusted library allocation
|
page execute and read and write
|
||
|
5780000
|
trusted library allocation
|
page read and write
|
||
|
810000
|
heap
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
6061000
|
trusted library allocation
|
page read and write
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
5F70000
|
trusted library allocation
|
page read and write
|
||
|
6110000
|
trusted library allocation
|
page read and write
|
||
|
57AD000
|
trusted library allocation
|
page read and write
|
||
|
F2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5540000
|
heap
|
page read and write
|
||
|
54E0000
|
trusted library allocation
|
page read and write
|
||
|
51A0000
|
trusted library allocation
|
page read and write
|
||
|
6080000
|
trusted library allocation
|
page read and write
|
||
|
56C0000
|
trusted library allocation
|
page read and write
|
||
|
A2B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3CA7000
|
trusted library allocation
|
page read and write
|
||
|
5275000
|
trusted library allocation
|
page read and write
|
||
|
A30000
|
heap
|
page read and write
|
||
|
3CAD000
|
trusted library allocation
|
page read and write
|
||
|
57AA000
|
trusted library allocation
|
page read and write
|
||
|
7960000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D70000
|
heap
|
page read and write
|
||
|
6070000
|
trusted library allocation
|
page execute and read and write
|
||
|
A04000
|
trusted library allocation
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
484E000
|
stack
|
page read and write
|
||
|
A27000
|
trusted library allocation
|
page execute and read and write
|
||
|
60DD000
|
trusted library allocation
|
page read and write
|
||
|
5720000
|
trusted library allocation
|
page read and write
|
||
|
2F71000
|
trusted library allocation
|
page read and write
|
||
|
60B0000
|
trusted library allocation
|
page read and write
|
||
|
3CB7000
|
trusted library allocation
|
page read and write
|
||
|
7AAE000
|
stack
|
page read and write
|
||
|
5310000
|
heap
|
page execute and read and write
|
||
|
6030000
|
trusted library allocation
|
page read and write
|
||
|
52BF000
|
trusted library allocation
|
page read and write
|
||
|
2EEA000
|
trusted library allocation
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
5236000
|
trusted library allocation
|
page read and write
|
||
|
EC5000
|
heap
|
page read and write
|
||
|
D2F000
|
stack
|
page read and write
|
||
|
51A5000
|
trusted library allocation
|
page read and write
|
||
|
2AE0000
|
trusted library allocation
|
page read and write
|
||
|
6F6D000
|
stack
|
page read and write
|
||
|
51C3000
|
heap
|
page read and write
|
||
|
51B0000
|
trusted library allocation
|
page read and write
|
||
|
2F6D000
|
trusted library allocation
|
page read and write
|
||
|
A99000
|
stack
|
page read and write
|
||
|
A57000
|
heap
|
page read and write
|
||
|
56A1000
|
trusted library allocation
|
page read and write
|
||
|
7440000
|
trusted library allocation
|
page read and write
|
||
|
60D0000
|
trusted library allocation
|
page read and write
|
||
|
5680000
|
trusted library allocation
|
page read and write
|
||
|
1012000
|
heap
|
page read and write
|
||
|
61D0000
|
trusted library allocation
|
page read and write
|
||
|
601A000
|
trusted library allocation
|
page read and write
|
||
|
4AC000
|
stack
|
page read and write
|
||
|
2EBC000
|
trusted library allocation
|
page read and write
|
||
|
74BE000
|
stack
|
page read and write
|
||
|
5510000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
6040000
|
trusted library allocation
|
page read and write
|
||
|
55E5000
|
heap
|
page read and write
|
||
|
2570000
|
trusted library allocation
|
page execute and read and write
|
||
|
60C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
F7E000
|
heap
|
page read and write
|
||
|
FFB000
|
heap
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
57A0000
|
trusted library allocation
|
page read and write
|
||
|
630E000
|
stack
|
page read and write
|
||
|
60A0000
|
trusted library allocation
|
page read and write
|
||
|
55EC000
|
heap
|
page read and write
|
||
|
5A9000
|
stack
|
page read and write
|
||
|
94E000
|
stack
|
page read and write
|
||
|
9FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
6CEE000
|
stack
|
page read and write
|
||
|
5700000
|
trusted library allocation
|
page read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
56B0000
|
trusted library allocation
|
page read and write
|
||
|
2AB6000
|
trusted library allocation
|
page execute and read and write
|
||
|
F10000
|
trusted library allocation
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
2AC0000
|
trusted library allocation
|
page read and write
|
||
|
5180000
|
heap
|
page read and write
|
||
|
5F80000
|
trusted library allocation
|
page read and write
|
||
|
3CC7000
|
trusted library allocation
|
page read and write
|
||
|
9F4000
|
trusted library allocation
|
page read and write
|
||
|
743E000
|
stack
|
page read and write
|
||
|
56E0000
|
trusted library allocation
|
page read and write
|
||
|
2C7E000
|
stack
|
page read and write
|
There are 226 hidden memdumps, click here to show them.