Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
LZazJikRId.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\audiodrv.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\LZazJikRId.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpD41E.tmp.bat
|
DOS batch file, ASCII text, with CRLF line terminators
|
dropped
|
||
|
\Device\Null
|
ASCII text, with CRLF line terminators, with overstriking
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\LZazJikRId.exe
|
"C:\Users\user\Desktop\LZazJikRId.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /create /f /sc ONLOGON /RL HIGHEST /tn "'audiodrv"' /tr "'C:\Users\user\AppData\Roaming\audiodrv.exe"'
|
|
|
|
C:\Users\user\AppData\Roaming\audiodrv.exe
|
"C:\Users\user\AppData\Roaming\audiodrv.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpD41E.tmp.bat""
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\timeout.exe
|
timeout 3
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
dgorijan20785.hopto.org
|
172.111.216.199
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.111.216.199
|
dgorijan20785.hopto.org
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\7B6495DE59C71128F51B
|
7B6495DE59C71128F51B
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2231000
|
trusted library allocation
|
page read and write
|
|
|
|
262000
|
unkown
|
page readonly
|
|
|
|
560000
|
heap
|
page read and write
|
||
|
29FC000
|
trusted library allocation
|
page read and write
|
||
|
29BE000
|
trusted library allocation
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
1AD28000
|
heap
|
page read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
240BC5D0000
|
heap
|
page read and write
|
||
|
2999000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
290D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B793000
|
trusted library allocation
|
page execute and read and write
|
||
|
240BE0E0000
|
heap
|
page read and write
|
||
|
227D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7B4000
|
trusted library allocation
|
page read and write
|
||
|
975000
|
heap
|
page read and write
|
||
|
1AEAE000
|
heap
|
page read and write
|
||
|
7FFD9B876000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
1AD72000
|
heap
|
page read and write
|
||
|
7FFD9B951000
|
trusted library allocation
|
page read and write
|
||
|
298D000
|
trusted library allocation
|
page read and write
|
||
|
12298000
|
trusted library allocation
|
page read and write
|
||
|
2A0C000
|
trusted library allocation
|
page read and write
|
||
|
1B013000
|
heap
|
page read and write
|
||
|
14DFA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
2962000
|
trusted library allocation
|
page read and write
|
||
|
674000
|
heap
|
page read and write
|
||
|
704000
|
heap
|
page read and write
|
||
|
1AD42000
|
heap
|
page read and write
|
||
|
2975000
|
trusted library allocation
|
page read and write
|
||
|
7A93E7E000
|
stack
|
page read and write
|
||
|
2A3D000
|
trusted library allocation
|
page read and write
|
||
|
1AD9E000
|
heap
|
page read and write
|
||
|
1B1AF000
|
stack
|
page read and write
|
||
|
28F0000
|
trusted library allocation
|
page read and write
|
||
|
29F7000
|
trusted library allocation
|
page read and write
|
||
|
1AD76000
|
heap
|
page read and write
|
||
|
1B027000
|
heap
|
page read and write
|
||
|
693000
|
heap
|
page read and write
|
||
|
915000
|
heap
|
page read and write
|
||
|
2A3B000
|
trusted library allocation
|
page read and write
|
||
|
1AE70000
|
heap
|
page read and write
|
||
|
1B38F000
|
stack
|
page read and write
|
||
|
7FFD9B7AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AC9F000
|
stack
|
page read and write
|
||
|
1ADAC000
|
heap
|
page read and write
|
||
|
12597000
|
trusted library allocation
|
page read and write
|
||
|
1ACE7000
|
heap
|
page read and write
|
||
|
1A632E80000
|
heap
|
page read and write
|
||
|
2964000
|
trusted library allocation
|
page read and write
|
||
|
2992000
|
trusted library allocation
|
page read and write
|
||
|
8AC000
|
stack
|
page read and write
|
||
|
770000
|
trusted library allocation
|
page read and write
|
||
|
1AEC3000
|
heap
|
page read and write
|
||
|
7FFD9B840000
|
trusted library allocation
|
page read and write
|
||
|
900000
|
trusted library allocation
|
page read and write
|
||
|
29E1000
|
trusted library allocation
|
page read and write
|
||
|
28AD000
|
trusted library allocation
|
page read and write
|
||
|
29BA000
|
trusted library allocation
|
page read and write
|
||
|
7EE000
|
heap
|
page read and write
|
||
|
7F0000
|
heap
|
page read and write
|
||
|
29AF000
|
trusted library allocation
|
page read and write
|
||
|
6E0000
|
heap
|
page read and write
|
||
|
1A632BC2000
|
heap
|
page read and write
|
||
|
7C3000
|
heap
|
page read and write
|
||
|
1A632BC1000
|
heap
|
page read and write
|
||
|
1ADB0000
|
heap
|
page read and write
|
||
|
291E000
|
trusted library allocation
|
page read and write
|
||
|
28C8000
|
trusted library allocation
|
page read and write
|
||
|
1AD46000
|
heap
|
page read and write
|
||
|
1BFCD000
|
stack
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
260000
|
unkown
|
page readonly
|
||
|
240BE0E5000
|
heap
|
page read and write
|
||
|
12593000
|
trusted library allocation
|
page read and write
|
||
|
2A22000
|
trusted library allocation
|
page read and write
|
||
|
1A632D80000
|
heap
|
page read and write
|
||
|
31FEFFF000
|
unkown
|
page read and write
|
||
|
1A632C80000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
2972000
|
trusted library allocation
|
page read and write
|
||
|
1AE8E000
|
heap
|
page read and write
|
||
|
2935000
|
trusted library allocation
|
page read and write
|
||
|
29C0000
|
trusted library allocation
|
page read and write
|
||
|
1B58F000
|
stack
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
970000
|
heap
|
page read and write
|
||
|
26E000
|
unkown
|
page readonly
|
||
|
3B5000
|
stack
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page read and write
|
||
|
2580000
|
heap
|
page execute and read and write
|
||
|
1ACB8000
|
heap
|
page read and write
|
||
|
2A1B000
|
trusted library allocation
|
page read and write
|
||
|
515000
|
stack
|
page read and write
|
||
|
29C7000
|
trusted library allocation
|
page read and write
|
||
|
296B000
|
trusted library allocation
|
page read and write
|
||
|
28A4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
12231000
|
trusted library allocation
|
page read and write
|
||
|
73E000
|
heap
|
page read and write
|
||
|
2986000
|
trusted library allocation
|
page read and write
|
||
|
2591000
|
trusted library allocation
|
page read and write
|
||
|
125FA000
|
trusted library allocation
|
page read and write
|
||
|
1AF82000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
78C000
|
heap
|
page read and write
|
||
|
28DB000
|
trusted library allocation
|
page read and write
|
||
|
28D6000
|
trusted library allocation
|
page read and write
|
||
|
28BB000
|
trusted library allocation
|
page read and write
|
||
|
29F0000
|
trusted library allocation
|
page read and write
|
||
|
292C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AF43000
|
heap
|
page read and write
|
||
|
2920000
|
trusted library allocation
|
page read and write
|
||
|
2901000
|
trusted library allocation
|
page read and write
|
||
|
2949000
|
trusted library allocation
|
page read and write
|
||
|
1AF8E000
|
heap
|
page read and write
|
||
|
29CC000
|
trusted library allocation
|
page read and write
|
||
|
2A53000
|
trusted library allocation
|
page read and write
|
||
|
220E000
|
stack
|
page read and write
|
||
|
20C3000
|
trusted library allocation
|
page read and write
|
||
|
28C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page read and write
|
||
|
1AD04000
|
heap
|
page read and write
|
||
|
B7E000
|
stack
|
page read and write
|
||
|
28CA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
227B000
|
trusted library allocation
|
page read and write
|
||
|
1ACA0000
|
heap
|
page execute and read and write
|
||
|
1B7AE000
|
stack
|
page read and write
|
||
|
29E8000
|
trusted library allocation
|
page read and write
|
||
|
260000
|
unkown
|
page readonly
|
||
|
1AF45000
|
heap
|
page read and write
|
||
|
28FA000
|
trusted library allocation
|
page read and write
|
||
|
74A000
|
heap
|
page read and write
|
||
|
2A19000
|
trusted library allocation
|
page read and write
|
||
|
1B4AF000
|
stack
|
page read and write
|
||
|
2A16000
|
trusted library allocation
|
page read and write
|
||
|
28B4000
|
trusted library allocation
|
page read and write
|
||
|
1B890000
|
heap
|
page read and write
|
||
|
29A0000
|
trusted library allocation
|
page read and write
|
||
|
1A91F000
|
heap
|
page read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
29FE000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
299B000
|
trusted library allocation
|
page read and write
|
||
|
CB5000
|
heap
|
page read and write
|
||
|
1BBCE000
|
stack
|
page read and write
|
||
|
294B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B794000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BB3B000
|
stack
|
page read and write
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B48E000
|
stack
|
page read and write
|
||
|
2A31000
|
trusted library allocation
|
page read and write
|
||
|
2A2C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
29DA000
|
trusted library allocation
|
page read and write
|
||
|
8E0000
|
trusted library allocation
|
page read and write
|
||
|
786000
|
heap
|
page read and write
|
||
|
1A632D60000
|
heap
|
page read and write
|
||
|
741000
|
heap
|
page read and write
|
||
|
29D6000
|
trusted library allocation
|
page read and write
|
||
|
656000
|
heap
|
page read and write
|
||
|
7A93B8E000
|
stack
|
page read and write
|
||
|
31FF0FF000
|
stack
|
page read and write
|
||
|
1A632B8B000
|
heap
|
page read and write
|
||
|
2A55000
|
trusted library allocation
|
page read and write
|
||
|
1AEA7000
|
heap
|
page read and write
|
||
|
1AEBE000
|
heap
|
page read and write
|
||
|
890000
|
trusted library allocation
|
page read and write
|
||
|
1AF05000
|
heap
|
page read and write
|
||
|
2A03000
|
trusted library allocation
|
page read and write
|
||
|
1A632E70000
|
heap
|
page read and write
|
||
|
2A67000
|
trusted library allocation
|
page read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
240BC680000
|
heap
|
page read and write
|
||
|
6BE000
|
heap
|
page read and write
|
||
|
297C000
|
trusted library allocation
|
page read and write
|
||
|
28DD000
|
trusted library allocation
|
page read and write
|
||
|
691000
|
heap
|
page read and write
|
||
|
143FA000
|
trusted library allocation
|
page read and write
|
||
|
2A05000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B79D000
|
trusted library allocation
|
page execute and read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
295B000
|
trusted library allocation
|
page read and write
|
||
|
1B280000
|
heap
|
page read and write
|
||
|
1AD4E000
|
heap
|
page read and write
|
||
|
2945000
|
trusted library allocation
|
page read and write
|
||
|
31FEEFB000
|
stack
|
page read and write
|
||
|
1ACFC000
|
heap
|
page read and write
|
||
|
1AD81000
|
heap
|
page read and write
|
||
|
2285000
|
trusted library allocation
|
page read and write
|
||
|
2A6D000
|
trusted library allocation
|
page read and write
|
||
|
29A7000
|
trusted library allocation
|
page read and write
|
||
|
65C000
|
heap
|
page read and write
|
||
|
7FF4D4FE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7A93B0C000
|
stack
|
page read and write
|
||
|
240BC688000
|
heap
|
page read and write
|
||
|
2919000
|
trusted library allocation
|
page read and write
|
||
|
1AE59000
|
heap
|
page read and write
|
||
|
29E3000
|
trusted library allocation
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
1AE53000
|
heap
|
page read and write
|
||
|
1A5C0000
|
trusted library allocation
|
page read and write
|
||
|
29B7000
|
trusted library allocation
|
page read and write
|
||
|
1C0CD000
|
stack
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
28C2000
|
trusted library allocation
|
page read and write
|
||
|
7AF000
|
heap
|
page read and write
|
||
|
28CF000
|
trusted library allocation
|
page read and write
|
||
|
7F7000
|
heap
|
page read and write
|
||
|
2954000
|
trusted library allocation
|
page read and write
|
||
|
28E2000
|
trusted library allocation
|
page read and write
|
||
|
290B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A14000
|
trusted library allocation
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
2925000
|
trusted library allocation
|
page read and write
|
||
|
7C6000
|
heap
|
page read and write
|
||
|
29A5000
|
trusted library allocation
|
page read and write
|
||
|
29B3000
|
trusted library allocation
|
page read and write
|
||
|
28D1000
|
trusted library allocation
|
page read and write
|
||
|
1AD2E000
|
heap
|
page read and write
|
||
|
8B0000
|
heap
|
page read and write
|
||
|
1A632B80000
|
heap
|
page read and write
|
||
|
139FA000
|
trusted library allocation
|
page read and write
|
||
|
292E000
|
trusted library allocation
|
page read and write
|
||
|
6BC000
|
heap
|
page read and write
|
||
|
920000
|
heap
|
page execute and read and write
|
||
|
29F2000
|
trusted library allocation
|
page read and write
|
||
|
29D3000
|
trusted library allocation
|
page read and write
|
||
|
1B590000
|
heap
|
page read and write
|
||
|
1AE7A000
|
heap
|
page read and write
|
||
|
255E000
|
stack
|
page read and write
|
||
|
1A632BB1000
|
heap
|
page read and write
|
||
|
2A49000
|
trusted library allocation
|
page read and write
|
||
|
1AD0F000
|
heap
|
page read and write
|
||
|
293A000
|
trusted library allocation
|
page read and write
|
||
|
1AD68000
|
heap
|
page read and write
|
||
|
12FFA000
|
trusted library allocation
|
page read and write
|
||
|
1ACBC000
|
heap
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
84B000
|
heap
|
page read and write
|
||
|
2A5A000
|
trusted library allocation
|
page read and write
|
||
|
7A5000
|
heap
|
page read and write
|
||
|
2927000
|
trusted library allocation
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
67C000
|
heap
|
page read and write
|
||
|
7B4000
|
heap
|
page read and write
|
||
|
28EE000
|
trusted library allocation
|
page read and write
|
||
|
20C0000
|
trusted library allocation
|
page read and write
|
||
|
12591000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B5AF000
|
stack
|
page read and write
|
||
|
28E4000
|
trusted library allocation
|
page read and write
|
||
|
29C5000
|
trusted library allocation
|
page read and write
|
||
|
2729000
|
trusted library allocation
|
page read and write
|
||
|
1ABFD000
|
stack
|
page read and write
|
||
|
1A7BC000
|
stack
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
28FF000
|
trusted library allocation
|
page read and write
|
||
|
29DC000
|
trusted library allocation
|
page read and write
|
||
|
1229C000
|
trusted library allocation
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
29F5000
|
trusted library allocation
|
page read and write
|
||
|
2100000
|
heap
|
page execute and read and write
|
||
|
1AB2D000
|
stack
|
page read and write
|
||
|
1AE7F000
|
heap
|
page read and write
|
||
|
1AE82000
|
heap
|
page read and write
|
||
|
29ED000
|
trusted library allocation
|
page read and write
|
||
|
2A45000
|
trusted library allocation
|
page read and write
|
||
|
28A9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
2969000
|
trusted library allocation
|
page read and write
|
||
|
240BC4F0000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AC5F000
|
stack
|
page read and write
|
||
|
2A5C000
|
trusted library allocation
|
page read and write
|
||
|
240BC610000
|
heap
|
page read and write
|
||
|
7FFD9B850000
|
trusted library allocation
|
page execute and read and write
|
||
|
28E9000
|
trusted library allocation
|
page read and write
|
||
|
1A5B2000
|
heap
|
page read and write
|
||
|
1BA3E000
|
stack
|
page read and write
|
||
|
1AF70000
|
heap
|
page read and write
|
||
|
1B6AD000
|
stack
|
page read and write
|
||
|
A7E000
|
stack
|
page read and write
|
||
|
7FFD9B84C000
|
trusted library allocation
|
page execute and read and write
|
||
|
295D000
|
trusted library allocation
|
page read and write
|
||
|
1B3AE000
|
stack
|
page read and write
|
||
|
1A632BC2000
|
heap
|
page read and write
|
||
|
1AD37000
|
heap
|
page read and write
|
||
|
2A4E000
|
trusted library allocation
|
page read and write
|
||
|
2A29000
|
trusted library allocation
|
page read and write
|
||
|
1AD94000
|
heap
|
page read and write
|
||
|
1ACEF000
|
heap
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BDCA000
|
stack
|
page read and write
|
||
|
1A260000
|
trusted library allocation
|
page read and write
|
||
|
2957000
|
trusted library allocation
|
page read and write
|
||
|
293C000
|
trusted library allocation
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
298B000
|
trusted library allocation
|
page read and write
|
||
|
2838000
|
trusted library allocation
|
page read and write
|
||
|
28F8000
|
trusted library allocation
|
page read and write
|
||
|
29CE000
|
trusted library allocation
|
page read and write
|
||
|
28B2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A33000
|
trusted library allocation
|
page read and write
|
||
|
2A38000
|
trusted library allocation
|
page read and write
|
||
|
7F2000
|
heap
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
1A632BB1000
|
heap
|
page read and write
|
||
|
1B0AC000
|
stack
|
page read and write
|
||
|
2917000
|
trusted library allocation
|
page read and write
|
||
|
2984000
|
trusted library allocation
|
page read and write
|
||
|
1AEAB000
|
heap
|
page read and write
|
||
|
1ACB0000
|
heap
|
page read and write
|
||
|
7FFD9B78D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7AD000
|
heap
|
page read and write
|
||
|
1BCCA000
|
stack
|
page read and write
|
There are 317 hidden memdumps, click here to show them.