Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
chrome.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\svchost.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\svchost.exe.log
|
CSV text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\chrome.exe
|
"C:\Users\user\Desktop\chrome.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\svchost.exe
|
"C:\Users\user\AppData\Roaming\svchost.exe"
|
|
|
|
C:\Users\user\AppData\Roaming\svchost.exe
|
"C:\Users\user\AppData\Roaming\svchost.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
158.247.200.45
|
|
||
|
https://www.nuget.org/packages/Newtonsoft.Json.Bson
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://james.newtonking.com/projects/json
|
unknown
|
||
|
https://www.newtonsoft.com/jsonschema
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
158.247.200.45
|
unknown
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
svchost
|
||
|
HKEY_CURRENT_USER\SOFTWARE\E830DA85A0C79A6314FD
|
B6D8BCCDF123CEAC6B9642AD3500D4E0B3D30B9C9DD2D29499D38C02BD8F9982
|
||
|
HKEY_CURRENT_USER\SOFTWARE\E830DA85A0C79A6314FD
|
CC52384910CEE944DDBCC575A8E0177BFA6B16E3032438B207797164D5C94B34
|
||
|
HKEY_CURRENT_USER\SOFTWARE\E830DA85A0C79A6314FD
|
018E06F57725563E4525700EDFFAFB1B062BF5D4B0E9FEE498507F0F8200FCDF
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
542000
|
unkown
|
page readonly
|
|
|
|
2811000
|
trusted library allocation
|
page read and write
|
|
|
|
E60000
|
trusted library section
|
page read and write
|
|
|
|
1B76F000
|
heap
|
page read and write
|
||
|
987000
|
heap
|
page read and write
|
||
|
1702000
|
heap
|
page read and write
|
||
|
7FFD342A0000
|
trusted library allocation
|
page read and write
|
||
|
1B28F000
|
stack
|
page read and write
|
||
|
7FFD33FF2000
|
trusted library allocation
|
page read and write
|
||
|
1B143000
|
heap
|
page read and write
|
||
|
7FFD33FE2000
|
trusted library allocation
|
page read and write
|
||
|
15EF000
|
stack
|
page read and write
|
||
|
299B000
|
trusted library allocation
|
page read and write
|
||
|
1B7A8000
|
heap
|
page read and write
|
||
|
E2C000
|
heap
|
page read and write
|
||
|
7FFD34310000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AD9D000
|
stack
|
page read and write
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
7FFD341A7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342C0000
|
trusted library allocation
|
page read and write
|
||
|
1402000
|
heap
|
page read and write
|
||
|
3110000
|
heap
|
page execute and read and write
|
||
|
E13000
|
heap
|
page read and write
|
||
|
7FFD33FED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BD0F000
|
stack
|
page read and write
|
||
|
1C20B000
|
stack
|
page read and write
|
||
|
1A840000
|
trusted library allocation
|
page read and write
|
||
|
7FFD33FFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3100000
|
heap
|
page read and write
|
||
|
1B900000
|
heap
|
page read and write
|
||
|
9C8000
|
heap
|
page read and write
|
||
|
99A000
|
heap
|
page read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
7FFD341B0000
|
trusted library allocation
|
page read and write
|
||
|
E87000
|
heap
|
page read and write
|
||
|
7FFD340F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1602000
|
heap
|
page read and write
|
||
|
1D0FF000
|
stack
|
page read and write
|
||
|
7FFD33FFB000
|
trusted library allocation
|
page execute and read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
1AB90000
|
heap
|
page read and write
|
||
|
29E0000
|
trusted library allocation
|
page read and write
|
||
|
E56000
|
heap
|
page read and write
|
||
|
7FFD342B0000
|
trusted library allocation
|
page read and write
|
||
|
2957000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34170000
|
trusted library allocation
|
page read and write
|
||
|
2EA1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34191000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342F0000
|
trusted library allocation
|
page read and write
|
||
|
2EAC000
|
trusted library allocation
|
page read and write
|
||
|
12CE000
|
stack
|
page read and write
|
||
|
2EB1000
|
trusted library allocation
|
page read and write
|
||
|
1C3F9000
|
heap
|
page read and write
|
||
|
1251000
|
heap
|
page read and write
|
||
|
2A1B000
|
trusted library allocation
|
page read and write
|
||
|
1B74B000
|
heap
|
page read and write
|
||
|
7FFD340B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1229000
|
heap
|
page read and write
|
||
|
7FFD3402C000
|
trusted library allocation
|
page execute and read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
27C0000
|
heap
|
page execute and read and write
|
||
|
29DA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD33FF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34219000
|
trusted library allocation
|
page read and write
|
||
|
2DDD000
|
trusted library allocation
|
page read and write
|
||
|
1B2CE000
|
stack
|
page read and write
|
||
|
1B700000
|
heap
|
page read and write
|
||
|
7FFD34410000
|
trusted library allocation
|
page read and write
|
||
|
28E4000
|
trusted library allocation
|
page read and write
|
||
|
12C7000
|
heap
|
page read and write
|
||
|
2943000
|
trusted library allocation
|
page read and write
|
||
|
ED5000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
12EA3000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
540000
|
unkown
|
page readonly
|
||
|
1B742000
|
heap
|
page read and write
|
||
|
7FFD33FDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34280000
|
trusted library allocation
|
page read and write
|
||
|
2DD9000
|
trusted library allocation
|
page read and write
|
||
|
8F4000
|
stack
|
page read and write
|
||
|
124A000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD33FF4000
|
trusted library allocation
|
page read and write
|
||
|
1C400000
|
trusted library section
|
page read and write
|
||
|
13228000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
1B711000
|
heap
|
page read and write
|
||
|
7FFD33FE4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD340A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
29E3000
|
trusted library allocation
|
page read and write
|
||
|
12953000
|
trusted library allocation
|
page read and write
|
||
|
7FFD341D0000
|
trusted library allocation
|
page read and write
|
||
|
1B726000
|
heap
|
page read and write
|
||
|
7FFD341B9000
|
trusted library allocation
|
page read and write
|
||
|
1BF0F000
|
stack
|
page read and write
|
||
|
E58000
|
heap
|
page read and write
|
||
|
E3B000
|
heap
|
page read and write
|
||
|
7FFD342D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34090000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B31D000
|
stack
|
page read and write
|
||
|
E21000
|
heap
|
page read and write
|
||
|
321F000
|
stack
|
page read and write
|
||
|
7FFD34420000
|
trusted library allocation
|
page read and write
|
||
|
1D310000
|
heap
|
page read and write
|
||
|
1C3F0000
|
heap
|
page read and write
|
||
|
7FFD33FED000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BCFF000
|
stack
|
page read and write
|
||
|
1BE0C000
|
stack
|
page read and write
|
||
|
7FFD34392000
|
trusted library allocation
|
page read and write
|
||
|
1B745000
|
heap
|
page read and write
|
||
|
7FFD341C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34080000
|
trusted library allocation
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
13223000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3402C000
|
trusted library allocation
|
page execute and read and write
|
||
|
99C000
|
heap
|
page read and write
|
||
|
7FFD3408C000
|
trusted library allocation
|
page execute and read and write
|
||
|
E5C000
|
heap
|
page read and write
|
||
|
E24000
|
heap
|
page read and write
|
||
|
1380000
|
heap
|
page execute and read and write
|
||
|
1247000
|
heap
|
page read and write
|
||
|
122E000
|
heap
|
page read and write
|
||
|
7FFD34250000
|
trusted library allocation
|
page read and write
|
||
|
7FFD33FFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
322C000
|
trusted library allocation
|
page read and write
|
||
|
983000
|
heap
|
page read and write
|
||
|
14E0000
|
heap
|
page read and write
|
||
|
12EA8000
|
trusted library allocation
|
page read and write
|
||
|
1BF0D000
|
stack
|
page read and write
|
||
|
1B140000
|
heap
|
page read and write
|
||
|
B93000
|
trusted library allocation
|
page read and write
|
||
|
296F000
|
trusted library allocation
|
page read and write
|
||
|
277E000
|
stack
|
page read and write
|
||
|
7FF489D50000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34400000
|
trusted library allocation
|
page read and write
|
||
|
1C00C000
|
stack
|
page read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
1BD0A000
|
stack
|
page read and write
|
||
|
7FFD33FD3000
|
trusted library allocation
|
page execute and read and write
|
||
|
E62000
|
heap
|
page read and write
|
||
|
7FFD34230000
|
trusted library allocation
|
page read and write
|
||
|
1BAFF000
|
stack
|
page read and write
|
||
|
1BBFF000
|
stack
|
page read and write
|
||
|
123F000
|
heap
|
page read and write
|
||
|
1C10C000
|
stack
|
page read and write
|
||
|
7FFD34080000
|
trusted library allocation
|
page read and write
|
||
|
1B79E000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
7FFD34100000
|
trusted library allocation
|
page execute and read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
CCE000
|
stack
|
page read and write
|
||
|
7FFD33FE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD33FDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34086000
|
trusted library allocation
|
page read and write
|
||
|
29D6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34214000
|
trusted library allocation
|
page read and write
|
||
|
2945000
|
trusted library allocation
|
page read and write
|
||
|
2A19000
|
trusted library allocation
|
page read and write
|
||
|
DCC000
|
stack
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
12811000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34240000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34090000
|
trusted library allocation
|
page read and write
|
||
|
7FFD33FE4000
|
trusted library allocation
|
page read and write
|
||
|
2E09000
|
trusted library allocation
|
page read and write
|
||
|
BC5000
|
heap
|
page read and write
|
||
|
1B75E000
|
stack
|
page read and write
|
||
|
7FFD340B6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BC0D000
|
stack
|
page read and write
|
||
|
7FFD343F0000
|
trusted library allocation
|
page read and write
|
||
|
1C3FE000
|
heap
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
11CE000
|
stack
|
page read and write
|
||
|
1213000
|
heap
|
page read and write
|
||
|
7FFD33FF0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34390000
|
trusted library allocation
|
page read and write
|
||
|
1B69C000
|
stack
|
page read and write
|
||
|
7FFD34290000
|
trusted library allocation
|
page read and write
|
||
|
7FFD33FF0000
|
trusted library allocation
|
page read and write
|
||
|
1C2D0000
|
heap
|
page read and write
|
||
|
1B762000
|
heap
|
page read and write
|
||
|
2E3F000
|
trusted library allocation
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
7FFD33FD4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD33FD3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B2F0000
|
heap
|
page execute and read and write
|
||
|
1C2D5000
|
heap
|
page read and write
|
||
|
7FFD343D0000
|
trusted library allocation
|
page read and write
|
||
|
13221000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD341B2000
|
trusted library allocation
|
page read and write
|
||
|
9CD000
|
heap
|
page read and write
|
||
|
7FFD33FE2000
|
trusted library allocation
|
page read and write
|
||
|
1B782000
|
heap
|
page read and write
|
||
|
1226000
|
heap
|
page read and write
|
||
|
E70000
|
trusted library section
|
page read and write
|
||
|
30D0000
|
trusted library allocation
|
page read and write
|
||
|
1245000
|
heap
|
page read and write
|
||
|
EDE000
|
heap
|
page read and write
|
||
|
E37000
|
heap
|
page read and write
|
||
|
EC2000
|
heap
|
page read and write
|
||
|
1B5FD000
|
stack
|
page read and write
|
||
|
1B802000
|
heap
|
page read and write
|
||
|
1BE0E000
|
stack
|
page read and write
|
||
|
7FFD34170000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34300000
|
trusted library allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
B60000
|
trusted library allocation
|
page read and write
|
||
|
1B4FF000
|
stack
|
page read and write
|
||
|
12948000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34270000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34180000
|
trusted library allocation
|
page read and write
|
||
|
1BA02000
|
heap
|
page read and write
|
||
|
EB1000
|
heap
|
page read and write
|
||
|
7FFD341A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34260000
|
trusted library allocation
|
page read and write
|
||
|
2E1E000
|
trusted library allocation
|
page read and write
|
||
|
1278000
|
heap
|
page read and write
|
||
|
7FFD34220000
|
trusted library allocation
|
page read and write
|
||
|
95C000
|
heap
|
page read and write
|
||
|
30F0000
|
trusted library allocation
|
page read and write
|
||
|
123D000
|
heap
|
page read and write
|
||
|
1302000
|
heap
|
page read and write
|
||
|
1B6FB000
|
stack
|
page read and write
|
||
|
1B24A000
|
stack
|
page read and write
|
||
|
7FFD343A0000
|
trusted library allocation
|
page read and write
|
||
|
BC0000
|
heap
|
page read and write
|
||
|
7FFD33FD4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3417C000
|
trusted library allocation
|
page read and write
|
||
|
1360000
|
heap
|
page read and write
|
||
|
1B3F4000
|
stack
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
7FFD34000000
|
trusted library allocation
|
page read and write
|
||
|
EAE000
|
heap
|
page read and write
|
||
|
9C5000
|
heap
|
page read and write
|
||
|
1340000
|
heap
|
page read and write
|
||
|
7FFD340F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
956000
|
heap
|
page read and write
|
||
|
2EAF000
|
trusted library allocation
|
page read and write
|
||
|
7FFD342E0000
|
trusted library allocation
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
E40000
|
unkown
|
page readonly
|
||
|
F02000
|
heap
|
page read and write
|
||
|
12C3000
|
heap
|
page read and write
|
||
|
7FFD340C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1350000
|
heap
|
page execute and read and write
|
||
|
1D300000
|
heap
|
page read and write
|
||
|
7FFD33FF4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD33FD0000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
A12000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
7FFD343E0000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
7FFD34090000
|
trusted library allocation
|
page execute and read and write
|
||
|
FA4000
|
stack
|
page read and write
|
||
|
1B9E0000
|
heap
|
page read and write
|
||
|
7FFD34180000
|
trusted library allocation
|
page execute and read and write
|
||
|
EB0000
|
trusted library section
|
page read and write
|
||
|
7FFD343C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD33FE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD33FD2000
|
trusted library allocation
|
page read and write
|
||
|
12EA1000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3403C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1281E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD343B0000
|
trusted library allocation
|
page read and write
|
||
|
B84000
|
stack
|
page read and write
|
||
|
7FFD33FED000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E9E000
|
stack
|
page read and write
|
||
|
1C2E2000
|
heap
|
page read and write
|
||
|
1BC00000
|
heap
|
page execute and read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
7FFD33FE0000
|
trusted library allocation
|
page read and write
|
||
|
12D0000
|
heap
|
page read and write
|
||
|
1BB0A000
|
stack
|
page read and write
|
||
|
1238000
|
heap
|
page read and write
|
||
|
3221000
|
trusted library allocation
|
page read and write
|
||
|
1502000
|
heap
|
page read and write
|
||
|
1B788000
|
heap
|
page read and write
|
There are 271 hidden memdumps, click here to show them.