Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
aXDh3Stgy2.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\aXDh3Stgy2.exe
|
"C:\Users\user\Desktop\aXDh3Stgy2.exe"
|
|
|
|
C:\Windows\SysWOW64\netsh.exe
|
netsh firewall add allowedprogram "C:\Users\user\Desktop\aXDh3Stgy2.exe" "aXDh3Stgy2.exe" ENABLE
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
0.tcp.eu.ngrok.io
|
|
||
|
http://go.microsoft.
|
unknown
|
||
|
https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0
|
unknown
|
||
|
http://go.microsoft.LinkId=42127
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
0.tcp.eu.ngrok.io
|
18.158.249.75
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
3.125.223.134
|
unknown
|
United States
|
|
|
|
3.125.209.94
|
unknown
|
United States
|
|
|
|
3.124.142.205
|
unknown
|
United States
|
|
|
|
18.158.249.75
|
0.tcp.eu.ngrok.io
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER
|
di
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2C2000
|
unkown
|
page readonly
|
|
|
|
751000
|
heap
|
page read and write
|
||
|
7B3000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
BC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
4DFE000
|
stack
|
page read and write
|
||
|
50E0000
|
heap
|
page read and write
|
||
|
712000
|
heap
|
page read and write
|
||
|
71A000
|
heap
|
page read and write
|
||
|
4D07000
|
heap
|
page read and write
|
||
|
759000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
70B000
|
heap
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
BDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
64E000
|
unkown
|
page read and write
|
||
|
5210000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
88E000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
8BE000
|
heap
|
page read and write
|
||
|
7F650000
|
trusted library allocation
|
page execute and read and write
|
||
|
772000
|
heap
|
page read and write
|
||
|
35A000
|
stack
|
page read and write
|
||
|
4CDF000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
94B000
|
heap
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
70B000
|
heap
|
page read and write
|
||
|
704000
|
heap
|
page read and write
|
||
|
90D000
|
heap
|
page read and write
|
||
|
4BDC000
|
stack
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
4CE6000
|
heap
|
page read and write
|
||
|
C6E000
|
stack
|
page read and write
|
||
|
708000
|
heap
|
page read and write
|
||
|
70F000
|
heap
|
page read and write
|
||
|
771000
|
heap
|
page read and write
|
||
|
D00000
|
heap
|
page execute and read and write
|
||
|
71A000
|
heap
|
page read and write
|
||
|
29D0000
|
trusted library allocation
|
page read and write
|
||
|
763000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
29AC000
|
trusted library allocation
|
page read and write
|
||
|
4BE0000
|
unclassified section
|
page read and write
|
||
|
BEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
952000
|
heap
|
page read and write
|
||
|
6F6000
|
stack
|
page read and write
|
||
|
CF0000
|
trusted library allocation
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
888000
|
heap
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
70E000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
F7E000
|
stack
|
page read and write
|
||
|
76B000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
72E000
|
heap
|
page read and write
|
||
|
4D0A000
|
heap
|
page read and write
|
||
|
3931000
|
trusted library allocation
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
76E000
|
heap
|
page read and write
|
||
|
765000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
707000
|
heap
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
BBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
BCA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4ACE000
|
stack
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
3A0000
|
heap
|
page read and write
|
||
|
763000
|
heap
|
page read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
7B8000
|
heap
|
page read and write
|
||
|
CE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
CD0000
|
trusted library allocation
|
page read and write
|
||
|
2C0000
|
unkown
|
page readonly
|
||
|
2931000
|
trusted library allocation
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
766000
|
heap
|
page read and write
|
||
|
C26000
|
heap
|
page read and write
|
||
|
771000
|
heap
|
page read and write
|
||
|
4EE000
|
stack
|
page read and write
|
||
|
4CE0000
|
heap
|
page read and write
|
||
|
15B000
|
stack
|
page read and write
|
||
|
767000
|
heap
|
page read and write
|
||
|
766000
|
heap
|
page read and write
|
||
|
E20000
|
trusted library allocation
|
page read and write
|
||
|
76E000
|
heap
|
page read and write
|
||
|
72D000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
4C59000
|
stack
|
page read and write
|
||
|
605000
|
heap
|
page read and write
|
||
|
705000
|
heap
|
page read and write
|
||
|
4CFE000
|
stack
|
page read and write
|
||
|
BAA000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FB000
|
stack
|
page read and write
|
||
|
2CC000
|
unkown
|
page readonly
|
||
|
75C000
|
heap
|
page read and write
|
||
|
4938000
|
trusted library allocation
|
page read and write
|
||
|
772000
|
heap
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
13EF000
|
stack
|
page read and write
|
||
|
4CDF000
|
heap
|
page read and write
|
||
|
70C000
|
heap
|
page read and write
|
||
|
4CD0000
|
heap
|
page read and write
|
||
|
771000
|
heap
|
page read and write
|
||
|
76C000
|
heap
|
page read and write
|
||
|
4CD7000
|
heap
|
page read and write
|
||
|
4D08000
|
heap
|
page read and write
|
||
|
12E0000
|
heap
|
page read and write
|
||
|
BB2000
|
trusted library allocation
|
page execute and read and write
|
||
|
709000
|
heap
|
page read and write
|
||
|
9BE000
|
stack
|
page read and write
|
||
|
707000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
75B000
|
heap
|
page read and write
|
||
|
76C000
|
heap
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
712000
|
heap
|
page read and write
|
||
|
70A000
|
heap
|
page read and write
|
||
|
769000
|
heap
|
page read and write
|
||
|
4CE0000
|
heap
|
page read and write
|
||
|
4CD1000
|
heap
|
page read and write
|
||
|
70B000
|
heap
|
page read and write
|
||
|
4B5C000
|
stack
|
page read and write
|
||
|
928000
|
heap
|
page read and write
|
||
|
754000
|
heap
|
page read and write
|
||
|
4F3000
|
stack
|
page read and write
|
||
|
6F6000
|
heap
|
page read and write
|
||
|
961000
|
heap
|
page read and write
|
||
|
737000
|
heap
|
page read and write
|
||
|
E0F000
|
stack
|
page read and write
|
||
|
4CDF000
|
heap
|
page read and write
|
||
|
752000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
4B9B000
|
stack
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
4D06000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
76E000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
76E000
|
heap
|
page read and write
|
||
|
BD2000
|
trusted library allocation
|
page execute and read and write
|
||
|
772000
|
heap
|
page read and write
|
||
|
7BE000
|
heap
|
page read and write
|
||
|
6D4000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
4CE6000
|
heap
|
page read and write
|
||
|
718000
|
heap
|
page read and write
|
||
|
6E1000
|
heap
|
page read and write
|
||
|
772000
|
heap
|
page read and write
|
||
|
767000
|
heap
|
page read and write
|
||
|
BE2000
|
trusted library allocation
|
page read and write
|
||
|
BE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E1000
|
heap
|
page read and write
|
||
|
757000
|
heap
|
page read and write
|
||
|
4C10000
|
heap
|
page read and write
|
||
|
751000
|
heap
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page execute and read and write
|
||
|
72F000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
7BA000
|
heap
|
page read and write
|
||
|
CAC000
|
stack
|
page read and write
|
||
|
714000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
76C000
|
heap
|
page read and write
|
||
|
4CE2000
|
heap
|
page read and write
|
||
|
8BE000
|
unkown
|
page read and write
|
||
|
2987000
|
trusted library allocation
|
page read and write
|
||
|
737000
|
heap
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
771000
|
heap
|
page read and write
|
||
|
4D09000
|
heap
|
page read and write
|
||
|
68D000
|
stack
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
6F9000
|
heap
|
page read and write
|
||
|
716000
|
heap
|
page read and write
|
||
|
4CD6000
|
heap
|
page read and write
|
||
|
4CE9000
|
heap
|
page read and write
|
||
|
906000
|
heap
|
page read and write
|
||
|
7BD000
|
heap
|
page read and write
|
||
|
4FE000
|
stack
|
page read and write
|
||
|
6CB000
|
heap
|
page read and write
|
||
|
76B000
|
heap
|
page read and write
|
||
|
4D06000
|
heap
|
page read and write
|
||
|
4CDF000
|
heap
|
page read and write
|
||
|
125E000
|
stack
|
page read and write
|
||
|
4C13000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
BA2000
|
trusted library allocation
|
page execute and read and write
|
||
|
6E1000
|
heap
|
page read and write
|
||
|
943000
|
heap
|
page read and write
|
||
|
6D1000
|
heap
|
page read and write
|
||
|
713000
|
heap
|
page read and write
|
||
|
713000
|
heap
|
page read and write
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
765000
|
heap
|
page read and write
|
||
|
4CE9000
|
heap
|
page read and write
|
||
|
3E0000
|
heap
|
page read and write
|
||
|
E7E000
|
stack
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
B76000
|
heap
|
page read and write
|
||
|
75C000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
709000
|
heap
|
page read and write
|
||
|
5200000
|
heap
|
page read and write
|
||
|
3A5000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
There are 210 hidden memdumps, click here to show them.