IOC Report
rTDN001-180424_PDF.scr.exe


Files

File Path | Type | Category | Malicious
rTDN001-180424_PDF.scr.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rTDN001-180424_PDF.scr.exe.log | ASCII text, with CRLF line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\rTDN001-180424_PDF.scr.exe | "C:\Users\user\Desktop\rTDN001-180424_PDF.scr.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" | malicious

URLs

Name | IP | Malicious
https://github.com/mgravell/protobuf-net | unknown |
https://fotohari.kylos.pl/ab/wp-admin/Ztmwr.vdf | 94.154.117.223 |
https://github.com/mgravell/protobuf-neti | unknown |
https://stackoverflow.com/q/14436606/23354 | unknown |
https://account.dyn.com/ | unknown |
https://github.com/mgravell/protobuf-netJ | unknown |
http://us2.smtp.mailhostbox.com | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
https://stackoverflow.com/q/11564914/23354; | unknown |
https://stackoverflow.com/q/2152978/23354 | unknown |
https://fotohari.kylos.pl | unknown |

Domains

Name | IP | Malicious
bg.microsoft.map.fastly.net | 199.232.210.172 |
us2.smtp.mailhostbox.com | 208.91.198.143 |
fp2e7a.wpc.phicdn.net | 192.229.211.108 |
fotohari.kylos.pl | 94.154.117.223 |

IPs

IP | Domain | Country | Malicious
208.91.198.143 | us2.smtp.mailhostbox.com | United States |
94.154.117.223 | fotohari.kylos.pl | unknown |
208.91.199.225 | unknown | United States |
208.91.199.223 | unknown | United States |
208.91.199.224 | unknown | United States |

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rTDN001-180424_PDF_RASAPI32 | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rTDN001-180424_PDF_RASAPI32 | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rTDN001-180424_PDF_RASAPI32 | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rTDN001-180424_PDF_RASAPI32 | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rTDN001-180424_PDF_RASAPI32 | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rTDN001-180424_PDF_RASAPI32 | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rTDN001-180424_PDF_RASAPI32 | FileDirectory |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rTDN001-180424_PDF_RASMANCS | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rTDN001-180424_PDF_RASMANCS | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rTDN001-180424_PDF_RASMANCS | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rTDN001-180424_PDF_RASMANCS | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rTDN001-180424_PDF_RASMANCS | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rTDN001-180424_PDF_RASMANCS | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\rTDN001-180424_PDF_RASMANCS | FileDirectory |

Memdumps

Base Address | Region type | Protect | Malicious
6410000 | trusted library section | page read and write | malicious
2241000 | trusted library allocation | page read and write | malicious
412000 | remote allocation | page execute and read and write | malicious
349A000 | trusted library allocation | page read and write | malicious
4839000 | trusted library allocation | page read and write | malicious
7441000 | trusted library allocation | page read and write | malicious
7351000 | trusted library allocation | page read and write | malicious
4F3A000 | trusted library allocation | page read and write | malicious
6970000 | trusted library section | page read and write | malicious