Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
xmo4WvZPV3Q0.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\xmo4WvZPV3Q0.exe
|
"C:\Users\user\Desktop\xmo4WvZPV3Q0.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
procesoexitos1.duckdns.org
|
179.13.0.175
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
179.13.0.175
|
procesoexitos1.duckdns.org
|
Colombia
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\ActiveMovie\devenum 64-bit
|
Version
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2CF1000
|
trusted library allocation
|
page read and write
|
|
|
|
2A01000
|
trusted library allocation
|
page read and write
|
|
|
|
452000
|
unkown
|
page readonly
|
|
|
|
2D1C000
|
trusted library allocation
|
page read and write
|
||
|
1BF2A000
|
stack
|
page read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
271E000
|
stack
|
page read and write
|
||
|
1B393000
|
heap
|
page read and write
|
||
|
2D3C000
|
trusted library allocation
|
page read and write
|
||
|
1BAEC000
|
stack
|
page read and write
|
||
|
1B9EE000
|
stack
|
page read and write
|
||
|
2A70000
|
trusted library allocation
|
page read and write
|
||
|
1B39E000
|
heap
|
page read and write
|
||
|
7FFB4B26B000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B24D000
|
trusted library allocation
|
page execute and read and write
|
||
|
920000
|
heap
|
page read and write
|
||
|
1B1D7000
|
heap
|
page read and write
|
||
|
2D35000
|
trusted library allocation
|
page read and write
|
||
|
2D23000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2F6000
|
trusted library allocation
|
page read and write
|
||
|
2A7F000
|
trusted library allocation
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
7FFB4B25C000
|
trusted library allocation
|
page read and write
|
||
|
1B8EF000
|
stack
|
page read and write
|
||
|
1B5EE000
|
stack
|
page read and write
|
||
|
7FFB4B253000
|
trusted library allocation
|
page read and write
|
||
|
A03000
|
heap
|
page read and write
|
||
|
7FFB4B400000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B240000
|
trusted library allocation
|
page read and write
|
||
|
1B222000
|
heap
|
page read and write
|
||
|
1B1CD000
|
heap
|
page read and write
|
||
|
2A50000
|
trusted library allocation
|
page read and write
|
||
|
1C32E000
|
stack
|
page read and write
|
||
|
1B201000
|
heap
|
page read and write
|
||
|
1BBED000
|
stack
|
page read and write
|
||
|
7FFB4B243000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C02C000
|
stack
|
page read and write
|
||
|
7FFB4B244000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
2A77000
|
trusted library allocation
|
page read and write
|
||
|
9A0000
|
trusted library allocation
|
page read and write
|
||
|
275E000
|
stack
|
page read and write
|
||
|
A01000
|
heap
|
page read and write
|
||
|
7FF49A880000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B250000
|
trusted library allocation
|
page read and write
|
||
|
1B2E0000
|
heap
|
page execute and read and write
|
||
|
1B3F0000
|
heap
|
page read and write
|
||
|
1B209000
|
heap
|
page read and write
|
||
|
29F0000
|
heap
|
page execute and read and write
|
||
|
D75000
|
heap
|
page read and write
|
||
|
7FFB4B3E0000
|
trusted library allocation
|
page read and write
|
||
|
2D4B000
|
trusted library allocation
|
page read and write
|
||
|
2A72000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B260000
|
trusted library allocation
|
page read and write
|
||
|
2D49000
|
trusted library allocation
|
page read and write
|
||
|
2A79000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B264000
|
trusted library allocation
|
page read and write
|
||
|
BBC000
|
stack
|
page read and write
|
||
|
1B237000
|
heap
|
page read and write
|
||
|
990000
|
trusted library allocation
|
page read and write
|
||
|
1B39C000
|
heap
|
page read and write
|
||
|
1B1F8000
|
heap
|
page read and write
|
||
|
2D50000
|
trusted library allocation
|
page read and write
|
||
|
2A74000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B360000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B1C0000
|
heap
|
page read and write
|
||
|
970000
|
trusted library allocation
|
page read and write
|
||
|
1B3EC000
|
heap
|
page read and write
|
||
|
9EC000
|
heap
|
page read and write
|
||
|
5A4000
|
stack
|
page read and write
|
||
|
2A83000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
1AE7D000
|
stack
|
page read and write
|
||
|
1B3F9000
|
heap
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
A2D000
|
heap
|
page read and write
|
||
|
1B3CE000
|
heap
|
page read and write
|
||
|
1B250000
|
heap
|
page read and write
|
||
|
1B6EF000
|
stack
|
page read and write
|
||
|
9A3000
|
trusted library allocation
|
page read and write
|
||
|
CBD000
|
stack
|
page read and write
|
||
|
2812000
|
heap
|
page read and write
|
||
|
1B1E5000
|
heap
|
page read and write
|
||
|
1B244000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
9C6000
|
heap
|
page read and write
|
||
|
1B7EE000
|
stack
|
page read and write
|
||
|
925000
|
heap
|
page read and write
|
||
|
1AA30000
|
trusted library allocation
|
page read and write
|
||
|
DBE000
|
stack
|
page read and write
|
||
|
2D31000
|
trusted library allocation
|
page read and write
|
||
|
450000
|
unkown
|
page readonly
|
||
|
2D40000
|
trusted library allocation
|
page read and write
|
||
|
2A5F000
|
trusted library allocation
|
page read and write
|
||
|
1B24A000
|
heap
|
page read and write
|
||
|
7FFB4B25D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B2F0000
|
trusted library allocation
|
page read and write
|
||
|
1B2F0000
|
heap
|
page read and write
|
||
|
7FFB4B29C000
|
trusted library allocation
|
page execute and read and write
|
||
|
9CC000
|
heap
|
page read and write
|
||
|
2D52000
|
trusted library allocation
|
page read and write
|
||
|
1B455000
|
heap
|
page read and write
|
||
|
45E000
|
unkown
|
page readonly
|
||
|
1C42C000
|
stack
|
page read and write
|
||
|
12A0E000
|
trusted library allocation
|
page read and write
|
||
|
12A01000
|
trusted library allocation
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
2A65000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B2FC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A63000
|
trusted library allocation
|
page read and write
|
||
|
2A6E000
|
trusted library allocation
|
page read and write
|
||
|
7FFB4B26D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B300000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFB4B326000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BCEE000
|
stack
|
page read and write
|
||
|
7FFB4B3F0000
|
trusted library allocation
|
page read and write
|
||
|
2A5D000
|
trusted library allocation
|
page read and write
|
||
|
2800000
|
heap
|
page read and write
|
||
|
1B3CC000
|
heap
|
page read and write
|
There are 109 hidden memdumps, click here to show them.