Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
fP4kybhBWi.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\fP4kybhBWi.exe
|
"C:\Users\user\Desktop\fP4kybhBWi.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
Kneegrowless-33547.portmap.host
|
|
||
|
https://api.ipify.org/
|
unknown
|
||
|
https://stackoverflow.com/q/14436606/23354
|
unknown
|
||
|
https://stackoverflow.com/q/2152978/23354sCannot
|
unknown
|
||
|
https://ipwho.is/
|
15.204.213.5
|
||
|
http://ipwho.is0v
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ipwho.is
|
unknown
|
||
|
https://stackoverflow.com/q/11564914/23354;
|
unknown
|
||
|
https://ipwho.is
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
Kneegrowless-33547.portmap.host
|
193.161.193.99
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
|
ipwho.is
|
15.204.213.5
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.161.193.99
|
Kneegrowless-33547.portmap.host
|
Russian Federation
|
|
|
|
15.204.213.5
|
ipwho.is
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fP4kybhBWi_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fP4kybhBWi_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fP4kybhBWi_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fP4kybhBWi_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fP4kybhBWi_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fP4kybhBWi_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fP4kybhBWi_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fP4kybhBWi_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fP4kybhBWi_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fP4kybhBWi_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fP4kybhBWi_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fP4kybhBWi_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fP4kybhBWi_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fP4kybhBWi_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2963000
|
trusted library allocation
|
page read and write
|
|
|
|
440000
|
unkown
|
page readonly
|
|
|
|
2791000
|
trusted library allocation
|
page read and write
|
|
|
|
122000
|
unkown
|
page readonly
|
|
|
|
890000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
1B340000
|
heap
|
page read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
1B0C6000
|
heap
|
page read and write
|
||
|
8FD000
|
heap
|
page read and write
|
||
|
7FFD9B9CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BD00000
|
trusted library allocation
|
page read and write
|
||
|
1B0CA000
|
heap
|
page read and write
|
||
|
C80000
|
trusted library allocation
|
page read and write
|
||
|
27D1000
|
trusted library allocation
|
page read and write
|
||
|
CC0000
|
heap
|
page read and write
|
||
|
1B3B2000
|
heap
|
page read and write
|
||
|
7FFD9BE50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA96000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BD20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9D4000
|
trusted library allocation
|
page read and write
|
||
|
8CB000
|
heap
|
page read and write
|
||
|
8CE000
|
heap
|
page read and write
|
||
|
7FFD9BCA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC10000
|
trusted library allocation
|
page read and write
|
||
|
D25000
|
heap
|
page read and write
|
||
|
7FFD9BBB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
C83000
|
trusted library allocation
|
page read and write
|
||
|
C70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB50000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BDC0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC80000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BE40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2BAE000
|
trusted library allocation
|
page read and write
|
||
|
1B512000
|
heap
|
page read and write
|
||
|
7FFD9BDD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BCD0000
|
trusted library allocation
|
page read and write
|
||
|
28F2000
|
trusted library allocation
|
page read and write
|
||
|
1C27D000
|
stack
|
page read and write
|
||
|
1B3FB000
|
heap
|
page read and write
|
||
|
7FFD9BC50000
|
trusted library allocation
|
page read and write
|
||
|
2BA8000
|
trusted library allocation
|
page read and write
|
||
|
1A7C0000
|
trusted library allocation
|
page read and write
|
||
|
127BD000
|
trusted library allocation
|
page read and write
|
||
|
1B93D000
|
stack
|
page read and write
|
||
|
12791000
|
trusted library allocation
|
page read and write
|
||
|
1BBBA000
|
heap
|
page read and write
|
||
|
2910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC40000
|
trusted library allocation
|
page read and write
|
||
|
1B0BB000
|
heap
|
page read and write
|
||
|
7FFD9BBA5000
|
trusted library allocation
|
page read and write
|
||
|
1B0BD000
|
heap
|
page read and write
|
||
|
899000
|
heap
|
page read and write
|
||
|
7FFD9BCF0000
|
trusted library allocation
|
page read and write
|
||
|
1B07C000
|
heap
|
page read and write
|
||
|
7FFD9B9BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
28FA000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC70000
|
trusted library allocation
|
page read and write
|
||
|
2DB9000
|
trusted library allocation
|
page read and write
|
||
|
1B060000
|
heap
|
page read and write
|
||
|
7FFD9BC30000
|
trusted library allocation
|
page read and write
|
||
|
1B0E2000
|
heap
|
page read and write
|
||
|
7FFD9B9B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
8F8000
|
heap
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA6C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B240000
|
heap
|
page execute and read and write
|
||
|
120000
|
unkown
|
page readonly
|
||
|
1BB40000
|
heap
|
page read and write
|
||
|
1B63E000
|
stack
|
page read and write
|
||
|
2914000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC60000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA66000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BDE7000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BD30000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B83D000
|
stack
|
page read and write
|
||
|
7FFD9B9C3000
|
trusted library allocation
|
page read and write
|
||
|
127DD000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BE70000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BCE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBE9000
|
trusted library allocation
|
page read and write
|
||
|
1BA3A000
|
stack
|
page read and write
|
||
|
7FFD9B9B4000
|
trusted library allocation
|
page read and write
|
||
|
1B3C3000
|
heap
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BB3C000
|
stack
|
page read and write
|
||
|
7FFD9BA0C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B0A2000
|
heap
|
page read and write
|
||
|
7FFD9BC00000
|
trusted library allocation
|
page read and write
|
||
|
1B43A000
|
heap
|
page read and write
|
||
|
7FFD9BBE0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
1AD1C000
|
stack
|
page read and write
|
||
|
7FFD9BBE4000
|
trusted library allocation
|
page read and write
|
||
|
B65000
|
heap
|
page read and write
|
||
|
7FFD9BE00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BE60000
|
trusted library allocation
|
page read and write
|
||
|
295F000
|
trusted library allocation
|
page read and write
|
||
|
2590000
|
heap
|
page execute and read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
7FFD9BDE2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BE05000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BD40000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BD10000
|
trusted library allocation
|
page read and write
|
||
|
28E6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BC20000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BBA0000
|
trusted library allocation
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
7FFD9BBC0000
|
trusted library allocation
|
page read and write
|
||
|
120000
|
unkown
|
page readonly
|
||
|
1AB1A000
|
heap
|
page read and write
|
||
|
1B4DE000
|
heap
|
page read and write
|
||
|
1BB6C000
|
heap
|
page read and write
|
||
|
7FFD9BE30000
|
trusted library allocation
|
page read and write
|
||
|
581000
|
stack
|
page read and write
|
||
|
7FFD9BE20000
|
trusted library allocation
|
page read and write
|
||
|
1B3FE000
|
heap
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
7FFD9BE0C000
|
trusted library allocation
|
page read and write
|
||
|
7FF496EE0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C17E000
|
stack
|
page read and write
|
||
|
7FFD9BE10000
|
trusted library allocation
|
page execute and read and write
|
||
|
24D0000
|
heap
|
page read and write
|
||
|
1C3BE000
|
stack
|
page read and write
|
||
|
29B8000
|
trusted library allocation
|
page read and write
|
||
|
CC3000
|
heap
|
page read and write
|
||
|
1B40A000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
1B735000
|
stack
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
7FFD9BDC2000
|
trusted library allocation
|
page read and write
|
||
|
127A8000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
1279E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BB98000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B2000
|
trusted library allocation
|
page read and write
|
||
|
2920000
|
trusted library allocation
|
page read and write
|
There are 138 hidden memdumps, click here to show them.