Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
AO_RDS01_2024-04-18_16_39_30.221.zip
|
Zip archive data, at least v4.5 to extract, compression method=deflate
|
initial sample
|
 |
|
|
C:\Users\user\Desktop\AO_RDS01_2024-04-18_16_39_30.221\Device\HarddiskVolume4\Users\jjohnson\Music\AccountRestore.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\Desktop\AO_RDS01_2024-04-18_16_39_30.221\manifest.json
|
JSON data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\AO_RDS01_2024-04-18_16_39_30.221\Device\HarddiskVolume4\Users\jjohnson\Music\AccountRestore.exe
|
"C:\Users\user\Desktop\AO_RDS01_2024-04-18_16_39_30.221C:\Users\jjohnson\Music\AccountRestore.exe"
|
|
|
|
C:\Windows\System32\rundll32.exe
|
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6}
-Embedding
|
||
|
C:\Program Files\7-Zip\7zG.exe
|
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\AO_RDS01_2024-04-18_16_39_30.221\" -spe -an -ai#7zMap23008:124:7zEvent13671
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://foo/View/MainWindow.xamll
|
unknown
|
||
|
http://defaultcontainer/View/MainWindow.xamll
|
unknown
|
||
|
http://foo/bar/view/mainwindow.bamll
|
unknown
|
||
|
http://defaultcontainer/View/MainWindow.xamlP
|
unknown
|
||
|
http://foo/bar/view/mainwindow.bamlP
|
unknown
|
||
|
http://foo/View/MainWindow.xamlP
|
unknown
|
||
|
http://foo/bar/view/mainwindow.baml
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3
|
2
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\2
|
NodeSlot
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\2
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\23\Shell
|
SniffedFolderType
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
|
NodeSlots
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
ABB0000
|
trusted library allocation
|
page read and write
|
||
|
980C000
|
stack
|
page read and write
|
||
|
9FA9000
|
stack
|
page read and write
|
||
|
14073D70000
|
heap
|
page read and write
|
||
|
57A2000
|
heap
|
page read and write
|
||
|
7D65000
|
heap
|
page read and write
|
||
|
FF821000
|
trusted library allocation
|
page execute read
|
||
|
AB70000
|
trusted library allocation
|
page read and write
|
||
|
286597C0000
|
heap
|
page read and write
|
||
|
14073F10000
|
heap
|
page read and write
|
||
|
7C15000
|
heap
|
page read and write
|
||
|
5629000
|
heap
|
page read and write
|
||
|
26F5000
|
trusted library allocation
|
page execute and read and write
|
||
|
BEF0000
|
heap
|
page read and write
|
||
|
947000
|
heap
|
page read and write
|
||
|
B240000
|
trusted library allocation
|
page read and write
|
||
|
543F000
|
stack
|
page read and write
|
||
|
7D42000
|
heap
|
page read and write
|
||
|
28659450000
|
heap
|
page read and write
|
||
|
A1EB000
|
stack
|
page read and write
|
||
|
A329000
|
stack
|
page read and write
|
||
|
E6FA000
|
stack
|
page read and write
|
||
|
5642000
|
heap
|
page read and write
|
||
|
5A99000
|
stack
|
page read and write
|
||
|
AB99000
|
trusted library allocation
|
page read and write
|
||
|
FF836000
|
trusted library allocation
|
page execute read
|
||
|
28659530000
|
heap
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
55F8000
|
stack
|
page read and write
|
||
|
14073E1A000
|
heap
|
page read and write
|
||
|
ABF7000
|
trusted library allocation
|
page read and write
|
||
|
8F6000
|
stack
|
page read and write
|
||
|
C370000
|
trusted library section
|
page read and write
|
||
|
5700000
|
heap
|
page read and write
|
||
|
7C0B000
|
heap
|
page read and write
|
||
|
57A9000
|
heap
|
page read and write
|
||
|
FF832000
|
trusted library allocation
|
page execute read
|
||
|
9C9F000
|
heap
|
page read and write
|
||
|
14073E2C000
|
heap
|
page read and write
|
||
|
B220000
|
trusted library allocation
|
page read and write
|
||
|
9770000
|
trusted library allocation
|
page execute and read and write
|
||
|
2870000
|
trusted library allocation
|
page read and write
|
||
|
EFE000
|
stack
|
page read and write
|
||
|
FF820000
|
trusted library allocation
|
page readonly
|
||
|
14073DFF000
|
heap
|
page read and write
|
||
|
7CB3000
|
heap
|
page read and write
|
||
|
AB8E000
|
trusted library allocation
|
page read and write
|
||
|
14073E29000
|
heap
|
page read and write
|
||
|
25A5AFD000
|
stack
|
page read and write
|
||
|
5013000
|
heap
|
page execute and read and write
|
||
|
AF7B000
|
heap
|
page read and write
|
||
|
26C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
ABA5000
|
trusted library allocation
|
page read and write
|
||
|
7C2F000
|
heap
|
page read and write
|
||
|
FF83B000
|
trusted library allocation
|
page readonly
|
||
|
9CA7000
|
heap
|
page read and write
|
||
|
14073E1B000
|
heap
|
page read and write
|
||
|
14073F30000
|
trusted library allocation
|
page read and write
|
||
|
AC5B000
|
heap
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
9C5B000
|
heap
|
page read and write
|
||
|
14073E10000
|
heap
|
page read and write
|
||
|
AF61000
|
heap
|
page read and write
|
||
|
DFDD6FF000
|
stack
|
page read and write
|
||
|
26F2000
|
trusted library allocation
|
page read and write
|
||
|
A7B000
|
heap
|
page read and write
|
||
|
ABA2000
|
trusted library allocation
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
14075E40000
|
trusted library allocation
|
page read and write
|
||
|
BEE0000
|
heap
|
page read and write
|
||
|
57BC000
|
heap
|
page read and write
|
||
|
5618000
|
heap
|
page read and write
|
||
|
E7FC000
|
stack
|
page read and write
|
||
|
AF75000
|
heap
|
page read and write
|
||
|
AF0D000
|
heap
|
page read and write
|
||
|
A22B000
|
stack
|
page read and write
|
||
|
AEB8000
|
heap
|
page read and write
|
||
|
5783000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
4EA000
|
unkown
|
page readonly
|
||
|
14075E30000
|
trusted library allocation
|
page read and write
|
||
|
7BB0000
|
trusted library allocation
|
page read and write
|
||
|
9C14000
|
heap
|
page read and write
|
||
|
25A5FFF000
|
stack
|
page read and write
|
||
|
7CFD000
|
heap
|
page read and write
|
||
|
595C000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
5622000
|
heap
|
page read and write
|
||
|
28659370000
|
heap
|
page read and write
|
||
|
5010000
|
heap
|
page execute and read and write
|
||
|
28E0000
|
trusted library allocation
|
page read and write
|
||
|
A73000
|
heap
|
page read and write
|
||
|
574B000
|
heap
|
page read and write
|
||
|
26CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE9E000
|
heap
|
page read and write
|
||
|
FF83E000
|
trusted library allocation
|
page execute read
|
||
|
549C000
|
stack
|
page read and write
|
||
|
575A000
|
heap
|
page read and write
|
||
|
14075700000
|
heap
|
page read and write
|
||
|
54A0000
|
heap
|
page read and write
|
||
|
3901000
|
trusted library allocation
|
page read and write
|
||
|
9760000
|
trusted library allocation
|
page read and write
|
||
|
A0AA000
|
stack
|
page read and write
|
||
|
9E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
570E000
|
heap
|
page read and write
|
||
|
9E90000
|
trusted library allocation
|
page read and write
|
||
|
5754000
|
heap
|
page read and write
|
||
|
5600000
|
heap
|
page read and write
|
||
|
14073E10000
|
heap
|
page read and write
|
||
|
4E10000
|
trusted library allocation
|
page read and write
|
||
|
285E000
|
stack
|
page read and write
|
||
|
26D0000
|
trusted library allocation
|
page read and write
|
||
|
7D5F000
|
heap
|
page read and write
|
||
|
DFDD7FF000
|
stack
|
page read and write
|
||
|
7CED000
|
heap
|
page read and write
|
||
|
A33000
|
heap
|
page read and write
|
||
|
2865AF90000
|
heap
|
page read and write
|
||
|
14073DD0000
|
heap
|
page read and write
|
||
|
A26000
|
heap
|
page read and write
|
||
|
FF83A000
|
trusted library allocation
|
page execute read
|
||
|
26E0000
|
trusted library allocation
|
page read and write
|
||
|
ACEE000
|
heap
|
page read and write
|
||
|
EA6E000
|
stack
|
page read and write
|
||
|
B280000
|
trusted library allocation
|
page read and write
|
||
|
26D9000
|
trusted library allocation
|
page read and write
|
||
|
14073E35000
|
heap
|
page read and write
|
||
|
940000
|
heap
|
page read and write
|
||
|
AD34000
|
heap
|
page read and write
|
||
|
7DC5000
|
heap
|
page read and write
|
||
|
9CD8000
|
heap
|
page read and write
|
||
|
26C4000
|
trusted library allocation
|
page read and write
|
||
|
4E00000
|
heap
|
page read and write
|
||
|
B3AC000
|
stack
|
page read and write
|
||
|
AB7B000
|
trusted library allocation
|
page read and write
|
||
|
AD30000
|
heap
|
page read and write
|
||
|
9B3000
|
heap
|
page read and write
|
||
|
FF838000
|
trusted library allocation
|
page execute read
|
||
|
9832000
|
trusted library allocation
|
page read and write
|
||
|
56E000
|
stack
|
page read and write
|
||
|
4E64000
|
heap
|
page read and write
|
||
|
ABF1000
|
trusted library allocation
|
page read and write
|
||
|
7CF6000
|
heap
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
533E000
|
stack
|
page read and write
|
||
|
AB96000
|
trusted library allocation
|
page read and write
|
||
|
A45000
|
heap
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
14073D50000
|
heap
|
page read and write
|
||
|
51FE000
|
stack
|
page read and write
|
||
|
26B0000
|
trusted library allocation
|
page read and write
|
||
|
9E80000
|
trusted library allocation
|
page read and write
|
||
|
7D04000
|
heap
|
page read and write
|
||
|
AB7E000
|
trusted library allocation
|
page read and write
|
||
|
AF5B000
|
heap
|
page read and write
|
||
|
26F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
AB84000
|
trusted library allocation
|
page read and write
|
||
|
5450000
|
trusted library allocation
|
page read and write
|
||
|
FF831000
|
trusted library allocation
|
page readonly
|
||
|
25A577A000
|
stack
|
page read and write
|
||
|
561A000
|
heap
|
page read and write
|
||
|
7D3A000
|
heap
|
page read and write
|
||
|
97CC000
|
stack
|
page read and write
|
||
|
14073EF3000
|
heap
|
page read and write
|
||
|
2901000
|
trusted library allocation
|
page read and write
|
||
|
14073E17000
|
heap
|
page read and write
|
||
|
5767000
|
heap
|
page read and write
|
||
|
28659539000
|
heap
|
page read and write
|
||
|
26DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
25A5CFE000
|
stack
|
page read and write
|
||
|
7DC0000
|
heap
|
page read and write
|
||
|
C22C000
|
stack
|
page read and write
|
||
|
5789000
|
heap
|
page read and write
|
||
|
98B000
|
heap
|
page read and write
|
||
|
7D73000
|
heap
|
page read and write
|
||
|
7DB7000
|
heap
|
page read and write
|
||
|
ABE0000
|
trusted library allocation
|
page read and write
|
||
|
14073F50000
|
heap
|
page read and write
|
||
|
14073E35000
|
heap
|
page read and write
|
||
|
5610000
|
heap
|
page read and write
|
||
|
B5D0000
|
heap
|
page read and write
|
||
|
7D6A000
|
heap
|
page read and write
|
||
|
500E000
|
stack
|
page read and write
|
||
|
AC00000
|
trusted library allocation
|
page read and write
|
||
|
7D82000
|
heap
|
page read and write
|
||
|
98E000
|
heap
|
page read and write
|
||
|
52FE000
|
stack
|
page read and write
|
||
|
57E3000
|
heap
|
page read and write
|
||
|
8E60000
|
trusted library allocation
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
EB6E000
|
stack
|
page read and write
|
||
|
25A5BFE000
|
stack
|
page read and write
|
||
|
DFDD67C000
|
stack
|
page read and write
|
||
|
14073F55000
|
heap
|
page read and write
|
||
|
5744000
|
heap
|
page read and write
|
||
|
14073E1C000
|
heap
|
page read and write
|
||
|
A79000
|
heap
|
page read and write
|
||
|
599B000
|
stack
|
page read and write
|
||
|
7D02000
|
heap
|
page read and write
|
||
|
ADF1000
|
heap
|
page read and write
|
||
|
14073E11000
|
heap
|
page read and write
|
||
|
FF839000
|
trusted library allocation
|
page readonly
|
||
|
B270000
|
trusted library allocation
|
page read and write
|
||
|
2710000
|
trusted library allocation
|
page read and write
|
||
|
7D57000
|
heap
|
page read and write
|
||
|
14073EF0000
|
heap
|
page read and write
|
||
|
7D68000
|
heap
|
page read and write
|
||
|
14073E07000
|
heap
|
page read and write
|
||
|
5799000
|
heap
|
page read and write
|
||
|
FF83C000
|
trusted library allocation
|
page execute read
|
||
|
AE01000
|
heap
|
page read and write
|
||
|
5810000
|
trusted library allocation
|
page read and write
|
||
|
ABD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E2000
|
unkown
|
page readonly
|
||
|
25A5EFE000
|
stack
|
page read and write
|
||
|
14073E1B000
|
heap
|
page read and write
|
||
|
ACE6000
|
heap
|
page read and write
|
||
|
7BD0000
|
heap
|
page read and write
|
||
|
5733000
|
heap
|
page read and write
|
||
|
B5AF000
|
stack
|
page read and write
|
||
|
5440000
|
trusted library allocation
|
page execute and read and write
|
||
|
3911000
|
trusted library allocation
|
page read and write
|
||
|
FF830000
|
trusted library allocation
|
page execute read
|
||
|
57E1000
|
heap
|
page read and write
|
||
|
FF834000
|
trusted library allocation
|
page execute read
|
||
|
26F0000
|
trusted library allocation
|
page read and write
|
||
|
14073E03000
|
heap
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
C7E000
|
stack
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
505E000
|
stack
|
page read and write
|
||
|
7BEE000
|
heap
|
page read and write
|
||
|
7C9B000
|
heap
|
page read and write
|
||
|
ACA2000
|
heap
|
page read and write
|
||
|
574E000
|
heap
|
page read and write
|
||
|
14073DE3000
|
heap
|
page read and write
|
||
|
140775C0000
|
trusted library allocation
|
page read and write
|
||
|
9E19000
|
stack
|
page read and write
|
||
|
DFDD77E000
|
stack
|
page read and write
|
||
|
FF823000
|
trusted library allocation
|
page execute read
|
||
|
B5E0000
|
heap
|
page read and write
|
||
|
2860000
|
trusted library allocation
|
page execute and read and write
|
||
|
26C0000
|
trusted library allocation
|
page read and write
|
||
|
7D51000
|
heap
|
page read and write
|
||
|
9D1C000
|
stack
|
page read and write
|
||
|
57DE000
|
heap
|
page read and write
|
||
|
545D000
|
trusted library allocation
|
page read and write
|
||
|
AF8D000
|
heap
|
page read and write
|
||
|
7CBC000
|
heap
|
page read and write
|
||
|
FF825000
|
trusted library allocation
|
page execute read
|
||
|
B230000
|
trusted library allocation
|
page read and write
|
||
|
AB9D000
|
trusted library allocation
|
page read and write
|
||
|
579E000
|
heap
|
page read and write
|
||
|
5718000
|
heap
|
page read and write
|
||
|
9C9D000
|
heap
|
page read and write
|
||
|
DFE000
|
stack
|
page read and write
|
||
|
14073E11000
|
heap
|
page read and write
|
||
|
26E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
AE43000
|
heap
|
page read and write
|
||
|
7D08000
|
heap
|
page read and write
|
||
|
A5E000
|
heap
|
page read and write
|
||
|
26E2000
|
trusted library allocation
|
page read and write
|
||
|
563B000
|
heap
|
page read and write
|
||
|
AB88000
|
trusted library allocation
|
page read and write
|
||
|
5737000
|
heap
|
page read and write
|
||
|
26FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1095000
|
heap
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
7C69000
|
heap
|
page read and write
|
||
|
FF83D000
|
trusted library allocation
|
page readonly
|
||
|
14073DD7000
|
heap
|
page read and write
|
||
|
14073C70000
|
heap
|
page read and write
|
||
|
14073E1A000
|
heap
|
page read and write
|
||
|
AB91000
|
trusted library allocation
|
page read and write
|
||
|
7DA3000
|
heap
|
page read and write
|
||
|
A330000
|
trusted library allocation
|
page read and write
|
||
|
FF837000
|
trusted library allocation
|
page readonly
|
||
|
ABC0000
|
trusted library allocation
|
page read and write
|
||
|
AD1F000
|
heap
|
page read and write
|
||
|
AF6D000
|
heap
|
page read and write
|
||
|
5800000
|
heap
|
page execute and read and write
|
||
|
14073E0D000
|
heap
|
page read and write
|
||
|
7DCB000
|
heap
|
page read and write
|
||
|
14077590000
|
trusted library allocation
|
page read and write
|
||
|
AB74000
|
trusted library allocation
|
page read and write
|
||
|
9EA0000
|
trusted library allocation
|
page read and write
|
||
|
ACE4000
|
heap
|
page read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
4A9E000
|
stack
|
page read and write
|
||
|
14073E11000
|
heap
|
page read and write
|
||
|
AA6000
|
heap
|
page read and write
|
||
|
DBE000
|
stack
|
page read and write
|
||
|
C03C000
|
stack
|
page read and write
|
||
|
286597C5000
|
heap
|
page read and write
|
||
|
585B000
|
stack
|
page read and write
|
||
|
ABB9000
|
trusted library allocation
|
page read and write
|
||
|
14073E2D000
|
heap
|
page read and write
|
||
|
28659470000
|
heap
|
page read and write
|
||
|
2865953E000
|
heap
|
page read and write
|
||
|
14075710000
|
heap
|
page read and write
|
||
|
28CD000
|
stack
|
page read and write
|
||
|
275E000
|
stack
|
page read and write
|
||
|
4E0000
|
unkown
|
page readonly
|
||
|
2880000
|
heap
|
page execute and read and write
|
||
|
14073E10000
|
heap
|
page read and write
|
||
|
A0EC000
|
stack
|
page read and write
|
||
|
7D9F000
|
heap
|
page read and write
|
||
|
571C000
|
heap
|
page read and write
|
||
|
AF5E000
|
heap
|
page read and write
|
||
|
14073E32000
|
heap
|
page read and write
|
||
|
57FB000
|
heap
|
page read and write
|
There are 300 hidden memdumps, click here to show them.