Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Readouts.bat.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\nsbEAA6.tmp\LangDLL.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\nsbEAA6.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Cassoon\frtr.jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 2000x2000,
components 3
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Cassoon\lukkedagenes.fli
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Cassoon\opisthocomine.nit
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Svovlkalk101\Destructibility232.Hae
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Svovlkalk101\Fraggings79.Bou
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\vaporarium\immunoassay\overniceness\Svovlkalk101\defencives.pol
|
data
|
dropped
|
||
|
C:\Windows\Resources\0809\mysterist.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Readouts.bat.exe
|
"C:\Users\user\Desktop\Readouts.bat.exe"
|
|
|
|
C:\Users\user\Desktop\Readouts.bat.exe
|
"C:\Users\user\Desktop\Readouts.bat.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://kkaou.lamd.shop/ts.binL
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binH
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binV
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binT
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.bin
|
172.93.121.126
|
||
|
http://www.ftp.ftp://ftp.gopher.
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binY
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binwshqos.dll.mui3
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.bing
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.bin%
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binc
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binwshqos.dll.mui
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binm
|
unknown
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.bini
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.bin6
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.bint
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.bin3
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binr
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binq
|
unknown
|
||
|
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.bin0
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binwshqos.dll.muiY
|
unknown
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binz
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.bin8
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binmswsock.dll.mui
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binG
|
unknown
|
||
|
http://kkaou.lamd.shop/ts.binB
|
unknown
|
There are 20 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
kkaou.lamd.shop
|
172.93.121.126
|
||
|
s-part-0035.t-0009.t-msedge.net
|
13.107.246.63
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.93.121.126
|
kkaou.lamd.shop
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2115000
|
remote allocation
|
page execute and read and write
|
|
|
|
5615000
|
direct allocation
|
page execute and read and write
|
|
|
|
387D000
|
stack
|
page read and write
|
||
|
32570000
|
heap
|
page read and write
|
||
|
3252E000
|
stack
|
page read and write
|
||
|
3237E000
|
stack
|
page read and write
|
||
|
2968000
|
heap
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
85E000
|
stack
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
288A000
|
heap
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
31F0000
|
direct allocation
|
page read and write
|
||
|
5E8000
|
unkown
|
page write copy
|
||
|
3200000
|
direct allocation
|
page read and write
|
||
|
1660000
|
remote allocation
|
page execute and read and write
|
||
|
5F2000
|
unkown
|
page write copy
|
||
|
4B60000
|
direct allocation
|
page execute and read and write
|
||
|
2BA0000
|
direct allocation
|
page read and write
|
||
|
1715000
|
remote allocation
|
page execute and read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
534000
|
heap
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
2886000
|
heap
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
||
|
81F000
|
stack
|
page read and write
|
||
|
36B0000
|
heap
|
page read and write
|
||
|
73CB1000
|
unkown
|
page execute read
|
||
|
534000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
||
|
2B90000
|
direct allocation
|
page read and write
|
||
|
3260F000
|
stack
|
page read and write
|
||
|
2780000
|
heap
|
page read and write
|
||
|
5EC000
|
unkown
|
page write copy
|
||
|
298B000
|
heap
|
page read and write
|
||
|
2928000
|
heap
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
||
|
61E000
|
stack
|
page read and write
|
||
|
4E8000
|
heap
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
298E000
|
heap
|
page read and write
|
||
|
2888000
|
heap
|
page read and write
|
||
|
2884000
|
heap
|
page read and write
|
||
|
95F000
|
stack
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
545000
|
heap
|
page read and write
|
||
|
5E6000
|
unkown
|
page write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
435000
|
unkown
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
3210000
|
direct allocation
|
page read and write
|
||
|
73CB0000
|
unkown
|
page readonly
|
||
|
514000
|
heap
|
page read and write
|
||
|
2BD0000
|
direct allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
545000
|
heap
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
626000
|
unkown
|
page write copy
|
||
|
514000
|
heap
|
page read and write
|
||
|
73CB5000
|
unkown
|
page readonly
|
||
|
21DE000
|
stack
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
323FE000
|
stack
|
page read and write
|
||
|
3240000
|
direct allocation
|
page read and write
|
||
|
53D000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
4C15000
|
direct allocation
|
page execute and read and write
|
||
|
277F000
|
stack
|
page read and write
|
||
|
3256F000
|
stack
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
||
|
43D0000
|
trusted library allocation
|
page read and write
|
||
|
31D0000
|
direct allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
42D000
|
unkown
|
page read and write
|
||
|
231F000
|
stack
|
page read and write
|
||
|
297D000
|
heap
|
page read and write
|
||
|
31C0000
|
direct allocation
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
422000
|
unkown
|
page read and write
|
||
|
3260000
|
direct allocation
|
page read and write
|
||
|
377C000
|
stack
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
323BF000
|
stack
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
2BF0000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
450000
|
unkown
|
page readonly
|
||
|
427000
|
unkown
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
2885000
|
heap
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
2215000
|
heap
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
31B0000
|
direct allocation
|
page read and write
|
||
|
325CE000
|
stack
|
page read and write
|
||
|
2BB0000
|
direct allocation
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
534000
|
heap
|
page read and write
|
||
|
5EE000
|
unkown
|
page write copy
|
||
|
528000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
53D000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
528000
|
heap
|
page read and write
|
||
|
3247D000
|
stack
|
page read and write
|
||
|
2154000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
1049000
|
unkown
|
page write copy
|
||
|
2850000
|
heap
|
page read and write
|
||
|
649000
|
unkown
|
page write copy
|
||
|
5F0000
|
unkown
|
page write copy
|
||
|
2BC0000
|
direct allocation
|
page read and write
|
||
|
2888000
|
heap
|
page read and write
|
||
|
44A000
|
unkown
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
403000
|
unkown
|
page write copy
|
||
|
2C00000
|
direct allocation
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
||
|
2100000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
512000
|
heap
|
page read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
31FC0000
|
direct allocation
|
page read and write
|
||
|
2963000
|
heap
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
3220000
|
direct allocation
|
page read and write
|
||
|
73CB3000
|
unkown
|
page readonly
|
||
|
5E4000
|
unkown
|
page write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3243E000
|
stack
|
page read and write
|
||
|
28E0000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
324BB000
|
stack
|
page read and write
|
||
|
3230000
|
direct allocation
|
page read and write
|
||
|
5EA000
|
unkown
|
page write copy
|
||
|
2B80000
|
direct allocation
|
page read and write
|
||
|
2910000
|
direct allocation
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
2BE0000
|
direct allocation
|
page read and write
|
||
|
2C10000
|
heap
|
page read and write
|
||
|
2882000
|
heap
|
page read and write
|
||
|
219E000
|
stack
|
page read and write
|
||
|
2885000
|
heap
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
524000
|
heap
|
page read and write
|
||
|
2798000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
31E0000
|
direct allocation
|
page read and write
|
||
|
31A0000
|
heap
|
page read and write
|
||
|
2150000
|
heap
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
53A000
|
heap
|
page read and write
|
||
|
528000
|
heap
|
page read and write
|
||
|
3250000
|
direct allocation
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
2B70000
|
direct allocation
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
524000
|
heap
|
page read and write
|
||
|
2979000
|
heap
|
page read and write
|
||
|
53D000
|
heap
|
page read and write
|
||
|
534000
|
heap
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
||
|
28E5000
|
heap
|
page read and write
|
||
|
514000
|
heap
|
page read and write
|
There are 171 hidden memdumps, click here to show them.