Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
T_240369_S#U0130PAR#U0130S.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\T_240369_S#U0130PAR#U0130S.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe
|
"C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe"
|
|
|
|
C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe
|
"C:\Users\user\Desktop\T_240369_S#U0130PAR#U0130S.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://discord.com
|
unknown
|
|
|
|
https://discord.com/api/webhooks/1220536277670170814/IOSQHt77jsZT7zo7kkUiyq8x8TaToq4-BxVLqMXGe4ffWub
|
unknown
|
|
|
|
https://discord.com/api/webhooks/1220536277670170814/IOSQHt77jsZT7zo7kkUiyq8x8TaToq4-BxVLqMXGe4ffWubgOFeoq2CnEl3NjjJYkJNd
|
162.159.137.232
|
|
|
|
https://media.discordapp.net/attachments/1220534378975854717/1222892686101708902/user-528110_2024-0
|
unknown
|
||
|
https://github.com/mgravell/protobuf-neti
|
unknown
|
||
|
https://stackoverflow.com/q/14436606/23354
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://github.com/mgravell/protobuf-netJ
|
unknown
|
||
|
https://stackoverflow.com/q/11564914/23354;
|
unknown
|
||
|
https://stackoverflow.com/q/2152978/23354
|
unknown
|
||
|
http://ip-api.com
|
unknown
|
||
|
https://github.com/mgravell/protobuf-net
|
unknown
|
||
|
https://cdn.discordapp.com/attachments/1220534378975854717/1222892686101708902/user-528110_2024-03-
|
unknown
|
||
|
http://discord.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
There are 6 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
discord.com
|
162.159.137.232
|
|
|
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
162.159.137.232
|
discord.com
|
United States
|
|
|
|
208.95.112.1
|
ip-api.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\T_240369_S#U0130PAR#U0130S_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\T_240369_S#U0130PAR#U0130S_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\T_240369_S#U0130PAR#U0130S_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\T_240369_S#U0130PAR#U0130S_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\T_240369_S#U0130PAR#U0130S_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\T_240369_S#U0130PAR#U0130S_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\T_240369_S#U0130PAR#U0130S_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\T_240369_S#U0130PAR#U0130S_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\T_240369_S#U0130PAR#U0130S_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\T_240369_S#U0130PAR#U0130S_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\T_240369_S#U0130PAR#U0130S_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\T_240369_S#U0130PAR#U0130S_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\T_240369_S#U0130PAR#U0130S_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\T_240369_S#U0130PAR#U0130S_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3F81000
|
trusted library allocation
|
page read and write
|
|
|
|
477F000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
5C10000
|
trusted library section
|
page read and write
|
|
|
|
2B61000
|
trusted library allocation
|
page read and write
|
|
|
|
49EB000
|
trusted library allocation
|
page read and write
|
|
|
|
55E0000
|
trusted library section
|
page read and write
|
|
|
|
315D000
|
trusted library allocation
|
page read and write
|
|
|
|
56F8000
|
trusted library allocation
|
page read and write
|
||
|
6670000
|
trusted library allocation
|
page execute and read and write
|
||
|
6B30000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FCD000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
trusted library allocation
|
page read and write
|
||
|
59B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
4C5D000
|
stack
|
page read and write
|
||
|
10CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
6564000
|
heap
|
page read and write
|
||
|
2F96000
|
trusted library allocation
|
page read and write
|
||
|
5A02000
|
heap
|
page read and write
|
||
|
2FA4000
|
trusted library allocation
|
page read and write
|
||
|
30FF000
|
trusted library allocation
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
2BE4000
|
trusted library allocation
|
page read and write
|
||
|
2FC1000
|
trusted library allocation
|
page read and write
|
||
|
1533000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
5700000
|
trusted library allocation
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
2FE2000
|
trusted library allocation
|
page read and write
|
||
|
2FCB000
|
trusted library allocation
|
page read and write
|
||
|
440000
|
remote allocation
|
page execute and read and write
|
||
|
1207000
|
heap
|
page read and write
|
||
|
1542000
|
trusted library allocation
|
page read and write
|
||
|
6500000
|
heap
|
page read and write
|
||
|
10C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
603D000
|
stack
|
page read and write
|
||
|
1550000
|
trusted library allocation
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
1524000
|
trusted library allocation
|
page read and write
|
||
|
1552000
|
trusted library allocation
|
page read and write
|
||
|
11E0000
|
trusted library allocation
|
page read and write
|
||
|
2FE4000
|
trusted library allocation
|
page read and write
|
||
|
2BD5000
|
trusted library allocation
|
page read and write
|
||
|
2BE8000
|
trusted library allocation
|
page read and write
|
||
|
56E0000
|
heap
|
page read and write
|
||
|
2FC7000
|
trusted library allocation
|
page read and write
|
||
|
4FC6000
|
trusted library allocation
|
page read and write
|
||
|
129B000
|
heap
|
page read and write
|
||
|
1150000
|
trusted library allocation
|
page read and write
|
||
|
5B60000
|
trusted library allocation
|
page read and write
|
||
|
596E000
|
stack
|
page read and write
|
||
|
2F87000
|
trusted library allocation
|
page read and write
|
||
|
6E5E000
|
stack
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
10A3000
|
trusted library allocation
|
page execute and read and write
|
||
|
116D000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
2FE0000
|
trusted library allocation
|
page read and write
|
||
|
1546000
|
trusted library allocation
|
page execute and read and write
|
||
|
3125000
|
trusted library allocation
|
page read and write
|
||
|
1025000
|
heap
|
page read and write
|
||
|
613E000
|
stack
|
page read and write
|
||
|
10D2000
|
trusted library allocation
|
page read and write
|
||
|
1218000
|
heap
|
page read and write
|
||
|
2FC3000
|
trusted library allocation
|
page read and write
|
||
|
5E60000
|
trusted library allocation
|
page execute and read and write
|
||
|
128C000
|
heap
|
page read and write
|
||
|
10D5000
|
trusted library allocation
|
page execute and read and write
|
||
|
10D0000
|
trusted library allocation
|
page read and write
|
||
|
582C000
|
trusted library allocation
|
page read and write
|
||
|
E50000
|
trusted library allocation
|
page read and write
|
||
|
59CC000
|
heap
|
page read and write
|
||
|
A69000
|
stack
|
page read and write
|
||
|
311E000
|
trusted library allocation
|
page read and write
|
||
|
6607000
|
trusted library allocation
|
page read and write
|
||
|
655A000
|
heap
|
page read and write
|
||
|
54B2000
|
trusted library allocation
|
page read and write
|
||
|
5BA0000
|
trusted library allocation
|
page read and write
|
||
|
10D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FAA000
|
trusted library allocation
|
page read and write
|
||
|
6B20000
|
heap
|
page read and write
|
||
|
664D000
|
stack
|
page read and write
|
||
|
654D000
|
heap
|
page read and write
|
||
|
E7E000
|
heap
|
page read and write
|
||
|
6660000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F4E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FBE000
|
trusted library allocation
|
page read and write
|
||
|
5150000
|
heap
|
page read and write
|
||
|
4FA6000
|
trusted library allocation
|
page read and write
|
||
|
E93000
|
heap
|
page read and write
|
||
|
5B86000
|
trusted library allocation
|
page read and write
|
||
|
6AD0000
|
trusted library allocation
|
page read and write
|
||
|
2B5E000
|
stack
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
CEE000
|
stack
|
page read and write
|
||
|
4FBA000
|
trusted library allocation
|
page read and write
|
||
|
5160000
|
heap
|
page read and write
|
||
|
54D0000
|
heap
|
page execute and read and write
|
||
|
F50000
|
heap
|
page read and write
|
||
|
2FA8000
|
trusted library allocation
|
page read and write
|
||
|
CCC000
|
stack
|
page read and write
|
||
|
559E000
|
stack
|
page read and write
|
||
|
29B8000
|
trusted library allocation
|
page read and write
|
||
|
1660000
|
heap
|
page read and write
|
||
|
166B000
|
heap
|
page read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
1245000
|
heap
|
page read and write
|
||
|
EED000
|
heap
|
page read and write
|
||
|
30EF000
|
trusted library allocation
|
page read and write
|
||
|
56F0000
|
trusted library allocation
|
page read and write
|
||
|
1670000
|
heap
|
page read and write
|
||
|
DC7000
|
stack
|
page read and write
|
||
|
6AE0000
|
trusted library allocation
|
page read and write
|
||
|
5BE5000
|
trusted library allocation
|
page read and write
|
||
|
5AE0000
|
trusted library allocation
|
page read and write
|
||
|
312B000
|
trusted library allocation
|
page read and write
|
||
|
10AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1252000
|
heap
|
page read and write
|
||
|
105E000
|
stack
|
page read and write
|
||
|
ED9000
|
heap
|
page read and write
|
||
|
6AD7000
|
trusted library allocation
|
page read and write
|
||
|
3137000
|
trusted library allocation
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
54C2000
|
trusted library allocation
|
page read and write
|
||
|
2F1F000
|
stack
|
page read and write
|
||
|
4FA0000
|
trusted library allocation
|
page read and write
|
||
|
485F000
|
trusted library allocation
|
page read and write
|
||
|
670E000
|
stack
|
page read and write
|
||
|
154A000
|
trusted library allocation
|
page execute and read and write
|
||
|
3105000
|
trusted library allocation
|
page read and write
|
||
|
6514000
|
heap
|
page read and write
|
||
|
140F000
|
stack
|
page read and write
|
||
|
10BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B90000
|
trusted library allocation
|
page read and write
|
||
|
5AF0000
|
trusted library section
|
page read and write
|
||
|
502C000
|
stack
|
page read and write
|
||
|
11F0000
|
trusted library allocation
|
page read and write
|
||
|
48EF000
|
trusted library allocation
|
page read and write
|
||
|
5D10000
|
trusted library allocation
|
page execute and read and write
|
||
|
30FB000
|
trusted library allocation
|
page read and write
|
||
|
3BCB000
|
trusted library allocation
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
3120000
|
trusted library allocation
|
page read and write
|
||
|
4FAB000
|
trusted library allocation
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page read and write
|
||
|
15BE000
|
stack
|
page read and write
|
||
|
1140000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FB2000
|
trusted library allocation
|
page read and write
|
||
|
313E000
|
trusted library allocation
|
page read and write
|
||
|
3366000
|
trusted library allocation
|
page read and write
|
||
|
2FC5000
|
trusted library allocation
|
page read and write
|
||
|
962000
|
unkown
|
page readonly
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
2FCE000
|
trusted library allocation
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
5B40000
|
trusted library allocation
|
page execute and read and write
|
||
|
5820000
|
trusted library allocation
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page read and write
|
||
|
53C5000
|
trusted library allocation
|
page read and write
|
||
|
6D5E000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
2F91000
|
trusted library allocation
|
page read and write
|
||
|
54BF000
|
trusted library allocation
|
page read and write
|
||
|
2C41000
|
trusted library allocation
|
page read and write
|
||
|
4967000
|
trusted library allocation
|
page read and write
|
||
|
2F81000
|
trusted library allocation
|
page read and write
|
||
|
313B000
|
trusted library allocation
|
page read and write
|
||
|
E96000
|
heap
|
page read and write
|
||
|
549C000
|
stack
|
page read and write
|
||
|
155B000
|
trusted library allocation
|
page execute and read and write
|
||
|
3131000
|
trusted library allocation
|
page read and write
|
||
|
6600000
|
trusted library allocation
|
page read and write
|
||
|
690E000
|
stack
|
page read and write
|
||
|
55DE000
|
stack
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
10A0000
|
trusted library allocation
|
page read and write
|
||
|
53C0000
|
trusted library allocation
|
page read and write
|
||
|
2FAC000
|
trusted library allocation
|
page read and write
|
||
|
5153000
|
heap
|
page read and write
|
||
|
2FDC000
|
trusted library allocation
|
page read and write
|
||
|
674E000
|
stack
|
page read and write
|
||
|
11AC000
|
stack
|
page read and write
|
||
|
5C80000
|
trusted library section
|
page read and write
|
||
|
50E0000
|
heap
|
page execute and read and write
|
||
|
3B61000
|
trusted library allocation
|
page read and write
|
||
|
5AD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
152D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FD2000
|
trusted library allocation
|
page read and write
|
||
|
5B50000
|
trusted library allocation
|
page read and write
|
||
|
D45000
|
heap
|
page read and write
|
||
|
312D000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
54AE000
|
stack
|
page read and write
|
||
|
5B80000
|
trusted library allocation
|
page read and write
|
||
|
960000
|
unkown
|
page readonly
|
||
|
2BD7000
|
trusted library allocation
|
page read and write
|
||
|
507E000
|
stack
|
page read and write
|
||
|
10C2000
|
trusted library allocation
|
page read and write
|
||
|
11E4000
|
trusted library allocation
|
page read and write
|
||
|
10DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
3109000
|
trusted library allocation
|
page read and write
|
||
|
153D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FBF000
|
trusted library allocation
|
page read and write
|
||
|
2FAE000
|
trusted library allocation
|
page read and write
|
||
|
150E000
|
stack
|
page read and write
|
||
|
2A50000
|
heap
|
page execute and read and write
|
||
|
3139000
|
trusted library allocation
|
page read and write
|
||
|
6750000
|
heap
|
page read and write
|
||
|
2FE7000
|
trusted library allocation
|
page read and write
|
||
|
2C66000
|
trusted library allocation
|
page read and write
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
1523000
|
trusted library allocation
|
page execute and read and write
|
||
|
121E000
|
heap
|
page read and write
|
||
|
65B3000
|
heap
|
page read and write
|
||
|
11AD000
|
stack
|
page read and write
|
||
|
3B89000
|
trusted library allocation
|
page read and write
|
||
|
E68000
|
heap
|
page read and write
|
||
|
F4D000
|
heap
|
page read and write
|
||
|
54B8000
|
trusted library allocation
|
page read and write
|
||
|
59C4000
|
heap
|
page read and write
|
||
|
59A0000
|
trusted library allocation
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
5BF0000
|
trusted library allocation
|
page read and write
|
||
|
B69000
|
stack
|
page read and write
|
||
|
3107000
|
trusted library allocation
|
page read and write
|
||
|
2BE0000
|
trusted library allocation
|
page read and write
|
||
|
2C54000
|
trusted library allocation
|
page read and write
|
||
|
3103000
|
trusted library allocation
|
page read and write
|
||
|
2F93000
|
trusted library allocation
|
page read and write
|
||
|
E89000
|
heap
|
page read and write
|
||
|
3101000
|
trusted library allocation
|
page read and write
|
||
|
10F0000
|
trusted library allocation
|
page read and write
|
||
|
30FD000
|
trusted library allocation
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
5C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
570D000
|
trusted library allocation
|
page read and write
|
||
|
5CF0000
|
trusted library allocation
|
page read and write
|
||
|
2FC9000
|
trusted library allocation
|
page read and write
|
||
|
E9E000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
2FB3000
|
trusted library allocation
|
page read and write
|
||
|
53E0000
|
heap
|
page read and write
|
||
|
11D0000
|
trusted library allocation
|
page read and write
|
||
|
CF0000
|
heap
|
page read and write
|
||
|
5810000
|
trusted library allocation
|
page read and write
|
||
|
69CE000
|
stack
|
page read and write
|
||
|
53C2000
|
trusted library allocation
|
page read and write
|
||
|
5AE4000
|
trusted library allocation
|
page read and write
|
||
|
4FAE000
|
trusted library allocation
|
page read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
127D000
|
heap
|
page read and write
|
||
|
5AC0000
|
trusted library allocation
|
page read and write
|
||
|
D27000
|
heap
|
page read and write
|
||
|
4FC1000
|
trusted library allocation
|
page read and write
|
||
|
6760000
|
trusted library allocation
|
page read and write
|
||
|
2FDE000
|
trusted library allocation
|
page read and write
|
||
|
6AF0000
|
trusted library allocation
|
page read and write
|
||
|
3122000
|
trusted library allocation
|
page read and write
|
||
|
D8F000
|
stack
|
page read and write
|
||
|
1557000
|
trusted library allocation
|
page execute and read and write
|
||
|
586E000
|
stack
|
page read and write
|
||
|
5B70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F70000
|
heap
|
page execute and read and write
|
||
|
12F7000
|
heap
|
page read and write
|
||
|
2FB0000
|
trusted library allocation
|
page read and write
|
||
|
2C3D000
|
trusted library allocation
|
page read and write
|
||
|
10A4000
|
trusted library allocation
|
page read and write
|
||
|
6D10000
|
heap
|
page read and write
|
||
|
2BF8000
|
trusted library allocation
|
page read and write
|
||
|
3135000
|
trusted library allocation
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
2FDA000
|
trusted library allocation
|
page read and write
|
||
|
2FA6000
|
trusted library allocation
|
page read and write
|
||
|
311C000
|
trusted library allocation
|
page read and write
|
||
|
C3C000
|
unkown
|
page readonly
|
||
|
2BFA000
|
trusted library allocation
|
page read and write
|
||
|
6ACF000
|
stack
|
page read and write
|
There are 271 hidden memdumps, click here to show them.