Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
xwuh6EHyYm.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 69993 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\xwuh6EHyYm.exe.log
|
CSV text
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\xwuh6EHyYm.exe
|
"C:\Users\user\Desktop\xwuh6EHyYm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
#system32
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
#system32
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
#system32
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
#system32
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
172.160.240.225
|
unknown
|
United States
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2A31000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2961000
|
trusted library allocation
|
page read and write
|
|
|
|
D03000
|
trusted library allocation
|
page execute and read and write
|
||
|
278E000
|
stack
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
5810000
|
trusted library allocation
|
page read and write
|
||
|
29AE000
|
trusted library allocation
|
page read and write
|
||
|
5A7D000
|
stack
|
page read and write
|
||
|
29DD000
|
trusted library allocation
|
page read and write
|
||
|
5D3D000
|
stack
|
page read and write
|
||
|
D04000
|
trusted library allocation
|
page read and write
|
||
|
DBD000
|
stack
|
page read and write
|
||
|
57E6000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
5D7E000
|
stack
|
page read and write
|
||
|
D0D000
|
trusted library allocation
|
page execute and read and write
|
||
|
51CD000
|
stack
|
page read and write
|
||
|
CA7000
|
heap
|
page read and write
|
||
|
B98000
|
heap
|
page read and write
|
||
|
665D000
|
stack
|
page read and write
|
||
|
299E000
|
trusted library allocation
|
page read and write
|
||
|
57F5000
|
trusted library allocation
|
page read and write
|
||
|
2820000
|
trusted library allocation
|
page read and write
|
||
|
29C5000
|
trusted library allocation
|
page read and write
|
||
|
7AC000
|
stack
|
page read and write
|
||
|
2890000
|
heap
|
page execute and read and write
|
||
|
27EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
29AB000
|
trusted library allocation
|
page read and write
|
||
|
D3B000
|
trusted library allocation
|
page execute and read and write
|
||
|
557D000
|
heap
|
page read and write
|
||
|
D37000
|
trusted library allocation
|
page execute and read and write
|
||
|
27B4000
|
trusted library allocation
|
page read and write
|
||
|
4F80000
|
heap
|
page execute and read and write
|
||
|
29A0000
|
trusted library allocation
|
page read and write
|
||
|
D32000
|
trusted library allocation
|
page read and write
|
||
|
28A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
27C4000
|
trusted library allocation
|
page read and write
|
||
|
CEE000
|
stack
|
page read and write
|
||
|
27D0000
|
trusted library allocation
|
page read and write
|
||
|
57E9000
|
trusted library allocation
|
page read and write
|
||
|
689E000
|
stack
|
page read and write
|
||
|
B1E000
|
heap
|
page read and write
|
||
|
2A09000
|
trusted library allocation
|
page read and write
|
||
|
50CD000
|
stack
|
page read and write
|
||
|
CF0000
|
trusted library allocation
|
page read and write
|
||
|
655D000
|
stack
|
page read and write
|
||
|
A86000
|
heap
|
page read and write
|
||
|
29A3000
|
trusted library allocation
|
page read and write
|
||
|
5BFD000
|
stack
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
299B000
|
trusted library allocation
|
page read and write
|
||
|
5DFC000
|
stack
|
page read and write
|
||
|
27E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
4E96000
|
heap
|
page read and write
|
||
|
508E000
|
stack
|
page read and write
|
||
|
7F0A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
4968000
|
trusted library allocation
|
page read and write
|
||
|
4E49000
|
heap
|
page read and write
|
||
|
4E40000
|
heap
|
page read and write
|
||
|
29C2000
|
trusted library allocation
|
page read and write
|
||
|
2A02000
|
trusted library allocation
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
A80000
|
heap
|
page read and write
|
||
|
7D9000
|
stack
|
page read and write
|
||
|
2826000
|
trusted library allocation
|
page read and write
|
||
|
BA8000
|
heap
|
page read and write
|
||
|
59FF000
|
stack
|
page read and write
|
||
|
DE7000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
DE0000
|
heap
|
page read and write
|
||
|
BD6000
|
heap
|
page read and write
|
||
|
5476000
|
heap
|
page read and write
|
||
|
C8E000
|
heap
|
page read and write
|
||
|
27BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
57AE000
|
stack
|
page read and write
|
||
|
CC1000
|
heap
|
page read and write
|
||
|
29BE000
|
trusted library allocation
|
page read and write
|
||
|
D22000
|
trusted library allocation
|
page read and write
|
||
|
5800000
|
trusted library allocation
|
page read and write
|
||
|
29C9000
|
trusted library allocation
|
page read and write
|
||
|
580B000
|
trusted library allocation
|
page read and write
|
||
|
284E000
|
stack
|
page read and write
|
||
|
27E0000
|
trusted library allocation
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
29B3000
|
trusted library allocation
|
page read and write
|
||
|
4F10000
|
heap
|
page read and write
|
||
|
28B0000
|
trusted library allocation
|
page read and write
|
||
|
5E3E000
|
stack
|
page read and write
|
||
|
40E000
|
remote allocation
|
page execute and read and write
|
||
|
DAE000
|
stack
|
page read and write
|
||
|
4F18000
|
heap
|
page read and write
|
||
|
295E000
|
stack
|
page read and write
|
||
|
288E000
|
stack
|
page read and write
|
||
|
5AFE000
|
stack
|
page read and write
|
||
|
D26000
|
trusted library allocation
|
page execute and read and write
|
||
|
AC5000
|
heap
|
page read and write
|
||
|
4E8D000
|
heap
|
page read and write
|
||
|
3967000
|
trusted library allocation
|
page read and write
|
||
|
DC0000
|
trusted library allocation
|
page read and write
|
||
|
268E000
|
stack
|
page read and write
|
||
|
B14000
|
heap
|
page read and write
|
||
|
29B6000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
trusted library allocation
|
page read and write
|
||
|
5A30000
|
trusted library allocation
|
page read and write
|
||
|
AF9000
|
stack
|
page read and write
|
||
|
5470000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
702000
|
unkown
|
page readonly
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
3A31000
|
trusted library allocation
|
page read and write
|
||
|
3A34000
|
trusted library allocation
|
page read and write
|
||
|
2850000
|
heap
|
page execute and read and write
|
||
|
BB5000
|
heap
|
page read and write
|
||
|
29D6000
|
trusted library allocation
|
page read and write
|
||
|
2999000
|
trusted library allocation
|
page read and write
|
||
|
2A2E000
|
stack
|
page read and write
|
||
|
4E77000
|
heap
|
page read and write
|
||
|
DF0000
|
trusted library allocation
|
page read and write
|
||
|
4AFD000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
27DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
100F000
|
stack
|
page read and write
|
||
|
520D000
|
stack
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
29F4000
|
trusted library allocation
|
page read and write
|
||
|
B95000
|
heap
|
page read and write
|
||
|
57D4000
|
trusted library allocation
|
page read and write
|
||
|
27B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
4F7E000
|
stack
|
page read and write
|
||
|
679C000
|
stack
|
page read and write
|
||
|
27C0000
|
trusted library allocation
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
29EB000
|
trusted library allocation
|
page read and write
|
||
|
CAB000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
29EF000
|
trusted library allocation
|
page read and write
|
||
|
280C000
|
stack
|
page read and write
|
||
|
4E5B000
|
heap
|
page read and write
|
||
|
2A04000
|
trusted library allocation
|
page read and write
|
||
|
4BCE000
|
stack
|
page read and write
|
||
|
D06000
|
heap
|
page read and write
|
||
|
5E80000
|
heap
|
page read and write
|
||
|
56AE000
|
stack
|
page read and write
|
||
|
700000
|
unkown
|
page readonly
|
||
|
50E0000
|
heap
|
page execute and read and write
|
||
|
585E000
|
stack
|
page read and write
|
||
|
54FB000
|
heap
|
page read and write
|
||
|
2920000
|
heap
|
page read and write
|
||
|
AEB000
|
heap
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
5809000
|
trusted library allocation
|
page read and write
|
||
|
5C3C000
|
stack
|
page read and write
|
||
|
5ABE000
|
stack
|
page read and write
|
||
|
B21000
|
heap
|
page read and write
|
||
|
D50000
|
trusted library allocation
|
page read and write
|
||
|
D20000
|
trusted library allocation
|
page read and write
|
||
|
D2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5DBF000
|
stack
|
page read and write
|
||
|
6DC000
|
stack
|
page read and write
|
||
|
D00000
|
trusted library allocation
|
page read and write
|
||
|
2800000
|
trusted library allocation
|
page read and write
|
||
|
5A20000
|
heap
|
page read and write
|
||
|
C88000
|
heap
|
page read and write
|
||
|
29CB000
|
trusted library allocation
|
page read and write
|
||
|
530D000
|
stack
|
page read and write
|
||
|
29B0000
|
trusted library allocation
|
page read and write
|
||
|
57C4000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3961000
|
trusted library allocation
|
page read and write
|
There are 164 hidden memdumps, click here to show them.