Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\svchos.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\svchos.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp7BE4.tmp.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators, with overstriking
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchos" /tr '"C:\Users\user\AppData\Roaming\svchos.exe"'
& exit
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmp7BE4.tmp.bat""
|
|
|
|
C:\Windows\SysWOW64\schtasks.exe
|
schtasks /create /f /sc onlogon /rl highest /tn "svchos" /tr '"C:\Users\user\AppData\Roaming\svchos.exe"'
|
|
|
|
C:\Users\user\AppData\Roaming\svchos.exe
|
C:\Users\user\AppData\Roaming\svchos.exe
|
|
|
|
C:\Users\user\AppData\Roaming\svchos.exe
|
"C:\Users\user\AppData\Roaming\svchos.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\timeout.exe
|
timeout 3
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
leetboy.dynuddns.net
|
185.196.11.223
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.196.11.223
|
leetboy.dynuddns.net
|
Switzerland
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
32E1000
|
trusted library allocation
|
page read and write
|
|
|
|
162000
|
unkown
|
page readonly
|
|
|
|
2773000
|
trusted library allocation
|
page read and write
|
|
|
|
30BC000
|
stack
|
page read and write
|
||
|
57F8000
|
heap
|
page read and write
|
||
|
49DD000
|
stack
|
page read and write
|
||
|
32B9000
|
trusted library allocation
|
page read and write
|
||
|
734D000
|
stack
|
page read and write
|
||
|
12F9000
|
stack
|
page read and write
|
||
|
137E000
|
stack
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
53DD000
|
stack
|
page read and write
|
||
|
32D0000
|
heap
|
page execute and read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
5764000
|
heap
|
page read and write
|
||
|
30C0000
|
trusted library allocation
|
page read and write
|
||
|
60CD000
|
stack
|
page read and write
|
||
|
B9E000
|
heap
|
page read and write
|
||
|
4E20000
|
trusted library allocation
|
page read and write
|
||
|
169E000
|
stack
|
page read and write
|
||
|
58AB000
|
trusted library allocation
|
page read and write
|
||
|
94F000
|
stack
|
page read and write
|
||
|
27DE000
|
stack
|
page read and write
|
||
|
93C000
|
stack
|
page read and write
|
||
|
FBE000
|
stack
|
page read and write
|
||
|
271C000
|
heap
|
page read and write
|
||
|
39A1000
|
trusted library allocation
|
page read and write
|
||
|
70C000
|
stack
|
page read and write
|
||
|
2717000
|
trusted library allocation
|
page read and write
|
||
|
6A14000
|
heap
|
page read and write
|
||
|
2B5F000
|
stack
|
page read and write
|
||
|
273D000
|
heap
|
page read and write
|
||
|
69CE000
|
stack
|
page read and write
|
||
|
26F5000
|
trusted library allocation
|
page read and write
|
||
|
680E000
|
stack
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
5CB0000
|
trusted library allocation
|
page read and write
|
||
|
77B000
|
heap
|
page read and write
|
||
|
183D000
|
trusted library allocation
|
page execute and read and write
|
||
|
58A6000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
trusted library allocation
|
page read and write
|
||
|
854000
|
trusted library allocation
|
page read and write
|
||
|
434E000
|
trusted library allocation
|
page read and write
|
||
|
7CE000
|
heap
|
page read and write
|
||
|
7DF000
|
heap
|
page read and write
|
||
|
26B3000
|
trusted library allocation
|
page read and write
|
||
|
1504000
|
heap
|
page read and write
|
||
|
25D0000
|
trusted library allocation
|
page read and write
|
||
|
3625000
|
trusted library allocation
|
page read and write
|
||
|
2713000
|
trusted library allocation
|
page read and write
|
||
|
8EE000
|
stack
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
25F0000
|
heap
|
page execute and read and write
|
||
|
A4F000
|
stack
|
page read and write
|
||
|
58F0000
|
trusted library allocation
|
page read and write
|
||
|
165E000
|
stack
|
page read and write
|
||
|
4940000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
14EE000
|
heap
|
page read and write
|
||
|
274E000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
583D000
|
stack
|
page read and write
|
||
|
2880000
|
heap
|
page read and write
|
||
|
872000
|
trusted library allocation
|
page read and write
|
||
|
3601000
|
trusted library allocation
|
page read and write
|
||
|
171C000
|
stack
|
page read and write
|
||
|
5BA9000
|
stack
|
page read and write
|
||
|
160000
|
unkown
|
page readonly
|
||
|
51DE000
|
stack
|
page read and write
|
||
|
3208000
|
trusted library allocation
|
page read and write
|
||
|
2745000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
B4E000
|
stack
|
page read and write
|
||
|
6A5000
|
heap
|
page read and write
|
||
|
5036000
|
heap
|
page read and write
|
||
|
1870000
|
trusted library allocation
|
page read and write
|
||
|
5774000
|
heap
|
page read and write
|
||
|
614E000
|
stack
|
page read and write
|
||
|
744F000
|
stack
|
page read and write
|
||
|
182D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B64000
|
trusted library allocation
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
B77000
|
trusted library allocation
|
page execute and read and write
|
||
|
14DA000
|
heap
|
page read and write
|
||
|
30E5000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
6150000
|
heap
|
page read and write
|
||
|
26E0000
|
trusted library allocation
|
page read and write
|
||
|
6A17000
|
heap
|
page read and write
|
||
|
58CD000
|
trusted library allocation
|
page read and write
|
||
|
1491000
|
heap
|
page read and write
|
||
|
58C6000
|
trusted library allocation
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
25A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
88B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5E93000
|
heap
|
page read and write
|
||
|
259E000
|
stack
|
page read and write
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
274E000
|
heap
|
page read and write
|
||
|
BAA000
|
heap
|
page read and write
|
||
|
775C000
|
stack
|
page read and write
|
||
|
718D000
|
stack
|
page read and write
|
||
|
53C000
|
stack
|
page read and write
|
||
|
26F2000
|
trusted library allocation
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
5CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
29A1000
|
trusted library allocation
|
page read and write
|
||
|
704E000
|
stack
|
page read and write
|
||
|
32C0000
|
trusted library allocation
|
page read and write
|
||
|
13A0000
|
heap
|
page read and write
|
||
|
2A5F000
|
unkown
|
page read and write
|
||
|
1830000
|
trusted library allocation
|
page read and write
|
||
|
7AFE000
|
stack
|
page read and write
|
||
|
2C0F000
|
heap
|
page read and write
|
||
|
16DE000
|
stack
|
page read and write
|
||
|
18D6000
|
heap
|
page read and write
|
||
|
4EB0000
|
heap
|
page execute and read and write
|
||
|
13D5000
|
heap
|
page read and write
|
||
|
C01000
|
heap
|
page read and write
|
||
|
58A0000
|
trusted library allocation
|
page read and write
|
||
|
58AE000
|
trusted library allocation
|
page read and write
|
||
|
1823000
|
trusted library allocation
|
page execute and read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
273D000
|
heap
|
page read and write
|
||
|
2710000
|
heap
|
page read and write
|
||
|
5E90000
|
heap
|
page read and write
|
||
|
2BA0000
|
heap
|
page read and write
|
||
|
273D000
|
heap
|
page read and write
|
||
|
32B0000
|
trusted library allocation
|
page read and write
|
||
|
6A10000
|
heap
|
page read and write
|
||
|
43C000
|
stack
|
page read and write
|
||
|
4EC0000
|
heap
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
2789000
|
trusted library allocation
|
page read and write
|
||
|
B54000
|
trusted library allocation
|
page read and write
|
||
|
708C000
|
stack
|
page read and write
|
||
|
30E0000
|
trusted library allocation
|
page read and write
|
||
|
6A35000
|
heap
|
page read and write
|
||
|
6F4E000
|
stack
|
page read and write
|
||
|
6ADC000
|
heap
|
page read and write
|
||
|
C85000
|
heap
|
page read and write
|
||
|
4AFE000
|
stack
|
page read and write
|
||
|
150B000
|
heap
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
754E000
|
stack
|
page read and write
|
||
|
5BB0000
|
heap
|
page read and write
|
||
|
5900000
|
heap
|
page execute and read and write
|
||
|
589A000
|
stack
|
page read and write
|
||
|
1842000
|
trusted library allocation
|
page read and write
|
||
|
853000
|
trusted library allocation
|
page execute and read and write
|
||
|
785E000
|
stack
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
26F9000
|
trusted library allocation
|
page read and write
|
||
|
887000
|
trusted library allocation
|
page execute and read and write
|
||
|
FCC000
|
stack
|
page read and write
|
||
|
5D20000
|
heap
|
page read and write
|
||
|
7F430000
|
trusted library allocation
|
page execute and read and write
|
||
|
2601000
|
trusted library allocation
|
page read and write
|
||
|
5E2E000
|
stack
|
page read and write
|
||
|
5E6E000
|
stack
|
page read and write
|
||
|
576D000
|
heap
|
page read and write
|
||
|
BE7000
|
heap
|
page read and write
|
||
|
581C000
|
heap
|
page read and write
|
||
|
724C000
|
stack
|
page read and write
|
||
|
143A000
|
heap
|
page read and write
|
||
|
13A7000
|
heap
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
58B2000
|
trusted library allocation
|
page read and write
|
||
|
50DF000
|
stack
|
page read and write
|
||
|
6ED000
|
stack
|
page read and write
|
||
|
58BE000
|
trusted library allocation
|
page read and write
|
||
|
1857000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FDF000
|
stack
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
BA2000
|
heap
|
page read and write
|
||
|
B53000
|
trusted library allocation
|
page execute and read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
1852000
|
trusted library allocation
|
page read and write
|
||
|
79FE000
|
stack
|
page read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
2624000
|
trusted library allocation
|
page read and write
|
||
|
25B0000
|
trusted library allocation
|
page read and write
|
||
|
5CC0000
|
trusted library allocation
|
page read and write
|
||
|
58E0000
|
trusted library allocation
|
page read and write
|
||
|
5AAC000
|
stack
|
page read and write
|
||
|
23DE000
|
unkown
|
page read and write
|
||
|
42E1000
|
trusted library allocation
|
page read and write
|
||
|
273E000
|
heap
|
page read and write
|
||
|
99E000
|
stack
|
page read and write
|
||
|
338F000
|
trusted library allocation
|
page read and write
|
||
|
184A000
|
trusted library allocation
|
page execute and read and write
|
||
|
7710000
|
heap
|
page read and write
|
||
|
764D000
|
stack
|
page read and write
|
||
|
4DE0000
|
heap
|
page read and write
|
||
|
284E000
|
stack
|
page read and write
|
||
|
860000
|
trusted library allocation
|
page read and write
|
||
|
4460000
|
heap
|
page read and write
|
||
|
274E000
|
heap
|
page read and write
|
||
|
6D0F000
|
stack
|
page read and write
|
||
|
58D2000
|
trusted library allocation
|
page read and write
|
||
|
4B30000
|
heap
|
page execute and read and write
|
||
|
1850000
|
trusted library allocation
|
page read and write
|
||
|
585E000
|
stack
|
page read and write
|
||
|
23EF000
|
stack
|
page read and write
|
||
|
4A7E000
|
stack
|
page read and write
|
||
|
26D0000
|
trusted library allocation
|
page read and write
|
||
|
1820000
|
trusted library allocation
|
page read and write
|
||
|
58A4000
|
trusted library allocation
|
page read and write
|
||
|
740000
|
trusted library allocation
|
page read and write
|
||
|
4ABE000
|
stack
|
page read and write
|
||
|
25D5000
|
trusted library allocation
|
page read and write
|
||
|
2B90000
|
heap
|
page read and write
|
||
|
1840000
|
trusted library allocation
|
page read and write
|
||
|
5816000
|
heap
|
page read and write
|
||
|
4ADE000
|
stack
|
page read and write
|
||
|
18BE000
|
stack
|
page read and write
|
||
|
273D000
|
heap
|
page read and write
|
||
|
90E000
|
stack
|
page read and write
|
||
|
EA0000
|
heap
|
page read and write
|
||
|
B88000
|
heap
|
page read and write
|
||
|
6B08000
|
heap
|
page read and write
|
||
|
274E000
|
heap
|
page read and write
|
||
|
539000
|
stack
|
page read and write
|
||
|
2740000
|
trusted library allocation
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
28DF000
|
stack
|
page read and write
|
||
|
185B000
|
trusted library allocation
|
page execute and read and write
|
||
|
E67000
|
trusted library allocation
|
page execute and read and write
|
||
|
4B40000
|
heap
|
page read and write
|
||
|
698D000
|
stack
|
page read and write
|
||
|
B5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
789000
|
heap
|
page read and write
|
||
|
181D000
|
stack
|
page read and write
|
||
|
690D000
|
stack
|
page read and write
|
||
|
172000
|
unkown
|
page readonly
|
||
|
1497000
|
heap
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
85D000
|
trusted library allocation
|
page execute and read and write
|
||
|
6100000
|
trusted library allocation
|
page read and write
|
||
|
573C000
|
stack
|
page read and write
|
||
|
232D000
|
stack
|
page read and write
|
||
|
6FCE000
|
stack
|
page read and write
|
||
|
B40000
|
trusted library allocation
|
page read and write
|
||
|
786000
|
heap
|
page read and write
|
||
|
26FD000
|
stack
|
page read and write
|
||
|
18D0000
|
heap
|
page read and write
|
||
|
AF9000
|
stack
|
page read and write
|
||
|
EB0000
|
heap
|
page read and write
|
||
|
161E000
|
stack
|
page read and write
|
||
|
7EB000
|
heap
|
page read and write
|
||
|
76F000
|
heap
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page read and write
|
||
|
E5F000
|
stack
|
page read and write
|
||
|
18C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5720000
|
heap
|
page read and write
|
||
|
57C000
|
stack
|
page read and write
|
||
|
1509000
|
heap
|
page read and write
|
||
|
9DF000
|
stack
|
page read and write
|
||
|
1846000
|
trusted library allocation
|
page execute and read and write
|
||
|
BB6000
|
heap
|
page read and write
|
||
|
68D000
|
stack
|
page read and write
|
||
|
1502000
|
heap
|
page read and write
|
||
|
BB4000
|
heap
|
page read and write
|
||
|
5D00000
|
heap
|
page read and write
|
||
|
58C1000
|
trusted library allocation
|
page read and write
|
||
|
4309000
|
trusted library allocation
|
page read and write
|
||
|
87A000
|
trusted library allocation
|
page execute and read and write
|
||
|
26FC000
|
trusted library allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
274E000
|
heap
|
page read and write
|
||
|
1445000
|
heap
|
page read and write
|
||
|
608E000
|
stack
|
page read and write
|
||
|
58F7000
|
trusted library allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
2990000
|
heap
|
page execute and read and write
|
||
|
877000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FC0000
|
heap
|
page read and write
|
||
|
694E000
|
stack
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
5CC8000
|
trusted library allocation
|
page read and write
|
||
|
4BB6000
|
heap
|
page read and write
|
||
|
1824000
|
trusted library allocation
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
||
|
8A0000
|
trusted library allocation
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
1447000
|
heap
|
page read and write
|
||
|
274D000
|
heap
|
page read and write
|
||
|
6A20000
|
heap
|
page read and write
|
||
|
78F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
E6B000
|
trusted library allocation
|
page execute and read and write
|
There are 286 hidden memdumps, click here to show them.