Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\BAAEHDBF
|
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4,
UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\BFIDGHDB
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\ProgramData\DBFIEHDHIIIECAAKECFHIECBKJ
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8,
version-valid-for 11
|
dropped
|
||
|
C:\ProgramData\ECBAEBGH
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 4
|
dropped
|
||
|
C:\ProgramData\ECGDBAEH
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie
0x24, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\GDHDAEBGCAAFIDGCGDHI
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\HDGCFHIDAKEC\freebl3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\HDGCFHIDAKEC\mozglue.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\HDGCFHIDAKEC\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\HDGCFHIDAKEC\nss3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\HDGCFHIDAKEC\softokn3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\HDGCFHIDAKEC\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\JDGIECGIEBKJJJJKEGHJ
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199677575543[1].htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
There are 12 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://steamcommunity.com/?subsection=broadcasts
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543/badges
|
unknown
|
||
|
https://95.217.246.168
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=EyWBqDQS-6jg&a
|
unknown
|
||
|
https://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://www.gstatic.cn/recaptcha/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl
|
unknown
|
||
|
https://95.217.246.168/vcruntime140.dll
|
95.217.246.168
|
||
|
http://www.valvesoftware.com/legal.htm
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543/inventory/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
|
unknown
|
||
|
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
|
unknown
|
||
|
https://95.217.246.168/6.
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&l=en
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=1_BxDGVvfXwv&am
|
unknown
|
||
|
https://s.ytimg.com;
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=c4UneKQJ
|
unknown
|
||
|
http://www.mozilla.com/en-US/blocklist/
|
unknown
|
||
|
https://95.217.246.168/
|
95.217.246.168
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
|
unknown
|
||
|
https://mozilla.org0/
|
unknown
|
||
|
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://store.steampowered.com/points/shop/
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543Mozilla/5.0
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://www.youtube.com/
|
unknown
|
||
|
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
|
unknown
|
||
|
https://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://95.217.246.168/msvcp140.dllR
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
|
unknown
|
||
|
https://95.217.246.168/sqln.dlluZqb.
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543
|
23.194.234.100
|
||
|
https://www.google.com/recaptcha/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
|
unknown
|
||
|
https://store.steampowered.com/about/
|
unknown
|
||
|
https://steamcommunity.com/my/wishlist/
|
unknown
|
||
|
https://t.me/snsb82At
|
unknown
|
||
|
https://95.217.246.168/nss3.dll
|
95.217.246.168
|
||
|
https://help.steampowered.com/en/
|
unknown
|
||
|
https://steamcommunity.com/market/
|
unknown
|
||
|
https://store.steampowered.com/news/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/
|
unknown
|
||
|
https://95.217.246.168KJE
|
unknown
|
||
|
https://95.217.246.168/msvcp140.dll(
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
|
unknown
|
||
|
https://95.217.246.168/msvcp140.dll
|
95.217.246.168
|
||
|
https://steamcommunity.com/discussions/
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543#
|
unknown
|
||
|
https://store.steampowered.com/stats/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
|
unknown
|
||
|
https://store.steampowered.com/steam_refunds/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=EL8P
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://steamcommunity.com/workshop/
|
unknown
|
||
|
https://store.steampowered.com/legal/
|
unknown
|
||
|
https://t.me/snsb82
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
|
unknown
|
||
|
http://www.sqlite.org/copyright.html.
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://recaptcha.net
|
unknown
|
||
|
https://store.steampowered.com/
|
unknown
|
||
|
https://95.217.246.168/vcruntime140.dllF
|
unknown
|
||
|
https://95.217.246.168/softokn3.dll
|
95.217.246.168
|
||
|
https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
|
unknown
|
||
|
https://95.217.246.168/mozglue.dll
|
95.217.246.168
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=vQePc_kMURDk&l=e
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
|
unknown
|
||
|
https://95.217.246.168FIE
|
unknown
|
||
|
https://95.217.246.168/freebl3.dll
|
95.217.246.168
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
|
unknown
|
||
|
https://95.217.246.168/sqln.dll
|
95.217.246.168
|
||
|
https://api.steampowered.com/
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
steamcommunity.com
|
23.194.234.100
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
23.194.234.100
|
steamcommunity.com
|
United States
|
||
|
95.217.246.168
|
unknown
|
Germany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
51B000
|
remote allocation
|
page execute and read and write
|
|
|
|
9FE000
|
unkown
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
1589000
|
heap
|
page read and write
|
|
|
|
1A0C0000
|
heap
|
page read and write
|
||
|
19C21000
|
direct allocation
|
page execute read
|
||
|
9D0000
|
unkown
|
page readonly
|
||
|
13EC9000
|
heap
|
page read and write
|
||
|
3B5A000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
12EB000
|
stack
|
page read and write
|
||
|
1531000
|
heap
|
page read and write
|
||
|
83F000
|
stack
|
page read and write
|
||
|
EC1E000
|
stack
|
page read and write
|
||
|
9F4000
|
unkown
|
page readonly
|
||
|
178C000
|
heap
|
page read and write
|
||
|
138FB000
|
stack
|
page read and write
|
||
|
13B79000
|
heap
|
page read and write
|
||
|
19C20000
|
direct allocation
|
page execute and read and write
|
||
|
EBBC000
|
stack
|
page read and write
|
||
|
1A143000
|
heap
|
page read and write
|
||
|
13E04000
|
heap
|
page read and write
|
||
|
190000
|
heap
|
page read and write
|
||
|
112AD000
|
stack
|
page read and write
|
||
|
64E000
|
heap
|
page read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
43A000
|
remote allocation
|
page execute and read and write
|
||
|
1668000
|
heap
|
page read and write
|
||
|
149E000
|
stack
|
page read and write
|
||
|
19E38000
|
direct allocation
|
page readonly
|
||
|
1415000
|
heap
|
page read and write
|
||
|
5F9000
|
remote allocation
|
page execute and read and write
|
||
|
1DE000
|
stack
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
138A0000
|
heap
|
page read and write
|
||
|
C63D000
|
stack
|
page read and write
|
||
|
12ED000
|
stack
|
page read and write
|
||
|
518000
|
remote allocation
|
page execute and read and write
|
||
|
3B4F000
|
stack
|
page read and write
|
||
|
F6C000
|
stack
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
17C2000
|
heap
|
page read and write
|
||
|
3B50000
|
heap
|
page read and write
|
||
|
13CBD000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
13ECB000
|
heap
|
page read and write
|
||
|
A34000
|
unkown
|
page execute and read and write
|
||
|
9D7E000
|
stack
|
page read and write
|
||
|
19E6A000
|
direct allocation
|
page readonly
|
||
|
12EF000
|
stack
|
page read and write
|
||
|
A0FD000
|
stack
|
page read and write
|
||
|
4FD000
|
stack
|
page read and write
|
||
|
C67E000
|
stack
|
page read and write
|
||
|
1388F000
|
stack
|
page read and write
|
||
|
1134E000
|
stack
|
page read and write
|
||
|
1601000
|
heap
|
page read and write
|
||
|
A35000
|
unkown
|
page readonly
|
||
|
1510000
|
heap
|
page read and write
|
||
|
9D1000
|
unkown
|
page execute read
|
||
|
180000
|
heap
|
page read and write
|
||
|
19E2F000
|
direct allocation
|
page readonly
|
||
|
19E6D000
|
direct allocation
|
page readonly
|
||
|
14FE000
|
stack
|
page read and write
|
||
|
13CC4000
|
heap
|
page read and write
|
||
|
1728000
|
heap
|
page read and write
|
||
|
A35000
|
unkown
|
page readonly
|
||
|
9D0000
|
unkown
|
page readonly
|
||
|
62E000
|
stack
|
page read and write
|
||
|
ED1F000
|
stack
|
page read and write
|
||
|
13A30000
|
heap
|
page read and write
|
||
|
13E22000
|
heap
|
page read and write
|
||
|
13B60000
|
heap
|
page read and write
|
||
|
19C28000
|
direct allocation
|
page execute read
|
||
|
436000
|
remote allocation
|
page execute and read and write
|
||
|
19E6F000
|
direct allocation
|
page readonly
|
||
|
11D000
|
stack
|
page read and write
|
||
|
1A0C5000
|
heap
|
page read and write
|
||
|
93F000
|
stack
|
page read and write
|
||
|
157B000
|
heap
|
page read and write
|
||
|
151A000
|
heap
|
page read and write
|
||
|
155E000
|
heap
|
page read and write
|
||
|
1A131000
|
heap
|
page read and write
|
||
|
55F000
|
remote allocation
|
page execute and read and write
|
||
|
641000
|
remote allocation
|
page execute and read and write
|
||
|
ED6D000
|
stack
|
page read and write
|
||
|
9F4000
|
unkown
|
page readonly
|
||
|
9FE000
|
unkown
|
page write copy
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
19D86000
|
direct allocation
|
page execute read
|
||
|
19E62000
|
direct allocation
|
page read and write
|
||
|
12F3000
|
stack
|
page read and write
|
||
|
A00000
|
unkown
|
page write copy
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
783F000
|
stack
|
page read and write
|
||
|
64A000
|
heap
|
page read and write
|
||
|
9D1000
|
unkown
|
page execute read
|
||
|
19E2D000
|
direct allocation
|
page execute read
|
||
|
139FC000
|
stack
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
There are 89 hidden memdumps, click here to show them.