Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
xutnF2gKGTTy.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\xutnF2gKGTTy.exe
|
"C:\Users\user\Desktop\xutnF2gKGTTy.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://crl.microsoft.
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bypass-asyn.4cloud.click
|
46.246.4.3
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
46.246.4.3
|
bypass-asyn.4cloud.click
|
Sweden
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
352000
|
unkown
|
page readonly
|
|
|
|
2631000
|
trusted library allocation
|
page read and write
|
|
|
|
23E4000
|
trusted library allocation
|
page read and write
|
||
|
637E000
|
stack
|
page read and write
|
||
|
2480000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D20000
|
trusted library allocation
|
page execute and read and write
|
||
|
5111000
|
trusted library allocation
|
page read and write
|
||
|
24B0000
|
heap
|
page execute and read and write
|
||
|
23E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
47CE000
|
stack
|
page read and write
|
||
|
BE0000
|
heap
|
page read and write
|
||
|
7A1000
|
heap
|
page read and write
|
||
|
84E000
|
heap
|
page read and write
|
||
|
23D0000
|
trusted library allocation
|
page read and write
|
||
|
4CF0000
|
heap
|
page read and write
|
||
|
5E20000
|
heap
|
page read and write
|
||
|
513F000
|
trusted library allocation
|
page read and write
|
||
|
819000
|
heap
|
page read and write
|
||
|
4BD7000
|
trusted library allocation
|
page read and write
|
||
|
2430000
|
trusted library allocation
|
page read and write
|
||
|
565E000
|
stack
|
page read and write
|
||
|
5150000
|
heap
|
page read and write
|
||
|
50F0000
|
trusted library allocation
|
page read and write
|
||
|
8BE000
|
stack
|
page read and write
|
||
|
54BE000
|
stack
|
page read and write
|
||
|
511D000
|
trusted library allocation
|
page read and write
|
||
|
4B6E000
|
stack
|
page read and write
|
||
|
7DC000
|
heap
|
page read and write
|
||
|
C06000
|
heap
|
page read and write
|
||
|
5E30000
|
heap
|
page read and write
|
||
|
513C000
|
trusted library allocation
|
page read and write
|
||
|
4BC0000
|
trusted library allocation
|
page read and write
|
||
|
350000
|
unkown
|
page readonly
|
||
|
4BE0000
|
heap
|
page execute and read and write
|
||
|
67FC000
|
stack
|
page read and write
|
||
|
4C42000
|
heap
|
page read and write
|
||
|
2417000
|
trusted library allocation
|
page execute and read and write
|
||
|
5513000
|
heap
|
page read and write
|
||
|
66BC000
|
stack
|
page read and write
|
||
|
2490000
|
trusted library allocation
|
page read and write
|
||
|
2406000
|
trusted library allocation
|
page execute and read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
4D7A000
|
heap
|
page read and write
|
||
|
23FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
601E000
|
unkown
|
page read and write
|
||
|
5E0D000
|
stack
|
page read and write
|
||
|
A1C000
|
stack
|
page read and write
|
||
|
2620000
|
heap
|
page read and write
|
||
|
4BB0000
|
trusted library allocation
|
page read and write
|
||
|
23E0000
|
trusted library allocation
|
page read and write
|
||
|
5D4F000
|
stack
|
page read and write
|
||
|
5DCE000
|
stack
|
page read and write
|
||
|
26DB000
|
trusted library allocation
|
page read and write
|
||
|
8C5000
|
heap
|
page read and write
|
||
|
561F000
|
stack
|
page read and write
|
||
|
5102000
|
trusted library allocation
|
page read and write
|
||
|
50FE000
|
trusted library allocation
|
page read and write
|
||
|
786000
|
heap
|
page read and write
|
||
|
2410000
|
trusted library allocation
|
page read and write
|
||
|
3694000
|
trusted library allocation
|
page read and write
|
||
|
2412000
|
trusted library allocation
|
page read and write
|
||
|
877000
|
heap
|
page read and write
|
||
|
5280000
|
trusted library allocation
|
page execute and read and write
|
||
|
510E000
|
trusted library allocation
|
page read and write
|
||
|
50FB000
|
trusted library allocation
|
page read and write
|
||
|
B1E000
|
stack
|
page read and write
|
||
|
68FE000
|
stack
|
page read and write
|
||
|
5510000
|
heap
|
page read and write
|
||
|
5116000
|
trusted library allocation
|
page read and write
|
||
|
81E000
|
heap
|
page read and write
|
||
|
3659000
|
trusted library allocation
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
4BD0000
|
trusted library allocation
|
page read and write
|
||
|
4B10000
|
trusted library allocation
|
page read and write
|
||
|
4BAA000
|
stack
|
page read and write
|
||
|
5290000
|
heap
|
page read and write
|
||
|
611E000
|
stack
|
page read and write
|
||
|
4C49000
|
heap
|
page read and write
|
||
|
5F3E000
|
stack
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
7EFF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4638000
|
trusted library allocation
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
788000
|
heap
|
page read and write
|
||
|
50F6000
|
trusted library allocation
|
page read and write
|
||
|
9DF000
|
stack
|
page read and write
|
||
|
647E000
|
stack
|
page read and write
|
||
|
77B000
|
heap
|
page read and write
|
||
|
25FC000
|
stack
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
64FC000
|
stack
|
page read and write
|
||
|
4D6B000
|
heap
|
page read and write
|
||
|
2400000
|
trusted library allocation
|
page read and write
|
||
|
2402000
|
trusted library allocation
|
page read and write
|
||
|
241B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
4D66000
|
heap
|
page read and write
|
||
|
50E9000
|
stack
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
4BF0000
|
heap
|
page read and write
|
||
|
837000
|
heap
|
page read and write
|
||
|
5660000
|
trusted library allocation
|
page read and write
|
||
|
4FEC000
|
stack
|
page read and write
|
||
|
3FC000
|
stack
|
page read and write
|
||
|
23ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
23F0000
|
trusted library allocation
|
page read and write
|
||
|
3631000
|
trusted library allocation
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
817000
|
heap
|
page read and write
|
||
|
25BF000
|
stack
|
page read and write
|
||
|
65FD000
|
stack
|
page read and write
|
||
|
5690000
|
heap
|
page read and write
|
||
|
5140000
|
trusted library allocation
|
page read and write
|
||
|
6F8000
|
stack
|
page read and write
|
||
|
240A000
|
trusted library allocation
|
page execute and read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
5130000
|
trusted library allocation
|
page read and write
|
||
|
B9E000
|
stack
|
page read and write
|
||
|
67BD000
|
stack
|
page read and write
|
||
|
247E000
|
stack
|
page read and write
|
||
|
69FE000
|
stack
|
page read and write
|
||
|
54FE000
|
stack
|
page read and write
|
There are 115 hidden memdumps, click here to show them.