Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\AAKJEGCF
|
SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4,
UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\CBAFIDAE
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie
0x21, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
C:\ProgramData\DAAAKFHIEGDGCAAAEGDG
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie
0xe, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\ProgramData\GIJEBKECBAKFBGDGCBGDBAECAK
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8,
version-valid-for 11
|
dropped
|
||
|
C:\ProgramData\HCBFIJJE
|
SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie
0x24, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\ProgramData\HCFBAFIDAECA\freebl3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\HCFBAFIDAECA\mozglue.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\HCFBAFIDAECA\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\HCFBAFIDAECA\nss3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\HCFBAFIDAECA\softokn3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\HCFBAFIDAECA\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\ProgramData\KJJECGHJ
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4,
UTF-8, version-valid-for 4
|
dropped
|
||
|
C:\ProgramData\KJJECGHJDBFIJJJKEHCB
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie
0xb, schema 4, UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\76561199677575543[1].htm
|
HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
There are 12 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://duckduckgo.com/chrome_newtab
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
https://95.217.246.168/0
|
unknown
|
||
|
https://steamcommunity.com/?subsection=broadcasts
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543/badges
|
unknown
|
||
|
https://95.217.246.168
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=EyWBqDQS-6jg&a
|
unknown
|
||
|
https://95.217.246.168KFB
|
unknown
|
||
|
https://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl
|
unknown
|
||
|
https://95.217.246.168/vcruntime140.dll
|
95.217.246.168
|
||
|
https://95.217.246.168/IDBKEBFCBFIIIIIECGDAE
|
unknown
|
||
|
http://www.valvesoftware.com/legal.htm
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543/inventory/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
|
unknown
|
||
|
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=SPpMitTYp6ku&l=en
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=1_BxDGVvfXwv&am
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=c4UneKQJ
|
unknown
|
||
|
http://www.mozilla.com/en-US/blocklist/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=3gW5J8_jG_Yc&l=e
|
unknown
|
||
|
https://95.217.246.168/
|
95.217.246.168
|
||
|
https://95.217.246.168/msvcp140.dlln
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
|
unknown
|
||
|
https://mozilla.org0/
|
unknown
|
||
|
https://95.217.246.168/mozglue.dllL
|
unknown
|
||
|
https://95.217.246.168/freebl3.dll8
|
unknown
|
||
|
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://95.217.246.168/mozglue.dllP
|
unknown
|
||
|
https://store.steampowered.com/points/shop/
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://95.217.246.168/freebl3.dll2
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543Mozilla/5.0
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
|
unknown
|
||
|
https://www.ecosia.org/newtab/
|
unknown
|
||
|
https://95.217.246.168/nss3.dllp
|
unknown
|
||
|
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
|
unknown
|
||
|
https://store.steampowered.com/privacy_agreement/
|
unknown
|
||
|
https://95.217.246.168/s:
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543
|
23.194.234.100
|
||
|
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
|
unknown
|
||
|
https://store.steampowered.com/about/
|
unknown
|
||
|
https://steamcommunity.com/my/wishlist/
|
unknown
|
||
|
https://steamcommunity.com//
|
unknown
|
||
|
https://t.me/snsb82At
|
unknown
|
||
|
https://95.217.246.168/nss3.dll
|
95.217.246.168
|
||
|
https://help.steampowered.com/en/
|
unknown
|
||
|
https://steamcommunity.com/market/
|
unknown
|
||
|
https://store.steampowered.com/news/
|
unknown
|
||
|
https://95.217.246.168/softokn3.dllx
|
unknown
|
||
|
https://95.217.246.168KJD
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
|
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
|
unknown
|
||
|
https://95.217.246.168/msvcp140.dll
|
95.217.246.168
|
||
|
https://steamcommunity.com/discussions/
|
unknown
|
||
|
https://store.steampowered.com/stats/
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=98m_
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
|
unknown
|
||
|
https://store.steampowered.com/steam_refunds/
|
unknown
|
||
|
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://steamcommunity.com/workshop/
|
unknown
|
||
|
https://store.steampowered.com/legal/
|
unknown
|
||
|
https://t.me/snsb82
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
|
unknown
|
||
|
http://www.sqlite.org/copyright.html.
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
|
unknown
|
||
|
https://www.google.com/images/branding/product/ico/googleg_lodp.ico
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543x
|
unknown
|
||
|
https://store.steampowered.com/
|
unknown
|
||
|
https://95.217.246.168/softokn3.dll
|
95.217.246.168
|
||
|
https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
|
unknown
|
||
|
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
|
unknown
|
||
|
https://95.217.246.168/mozglue.dll
|
95.217.246.168
|
||
|
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
|
unknown
|
||
|
https://steamcommunity.com/profiles/76561199677575543i
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh
|
unknown
|
||
|
https://ac.ecosia.org/autocomplete?q=
|
unknown
|
||
|
https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
|
unknown
|
||
|
https://95.217.246.168/nss3.dll&
|
unknown
|
||
|
https://95.217.246.168/freebl3.dll
|
95.217.246.168
|
||
|
https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
|
unknown
|
There are 90 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
steamcommunity.com
|
23.194.234.100
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
23.194.234.100
|
steamcommunity.com
|
United States
|
||
|
95.217.246.168
|
unknown
|
Germany
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
8FF000
|
unkown
|
page read and write
|
|
|
|
55F000
|
remote allocation
|
page execute and read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
1323000
|
heap
|
page read and write
|
|
|
|
5F9000
|
remote allocation
|
page execute and read and write
|
||
|
950000
|
heap
|
page read and write
|
||
|
8D1000
|
unkown
|
page execute read
|
||
|
144F000
|
heap
|
page read and write
|
||
|
381E000
|
stack
|
page read and write
|
||
|
EA7E000
|
stack
|
page read and write
|
||
|
1533000
|
heap
|
page read and write
|
||
|
13700000
|
heap
|
page read and write
|
||
|
E0C000
|
heap
|
page read and write
|
||
|
38BA000
|
heap
|
page read and write
|
||
|
EA1C000
|
stack
|
page read and write
|
||
|
436000
|
remote allocation
|
page execute and read and write
|
||
|
C4DD000
|
stack
|
page read and write
|
||
|
13C3C000
|
heap
|
page read and write
|
||
|
759E000
|
stack
|
page read and write
|
||
|
111AE000
|
stack
|
page read and write
|
||
|
51B000
|
remote allocation
|
page execute and read and write
|
||
|
19C6D000
|
direct allocation
|
page execute read
|
||
|
19A61000
|
direct allocation
|
page execute read
|
||
|
87D000
|
stack
|
page read and write
|
||
|
130B000
|
heap
|
page read and write
|
||
|
641000
|
remote allocation
|
page execute and read and write
|
||
|
1111E000
|
stack
|
page read and write
|
||
|
12A0000
|
heap
|
page read and write
|
||
|
DCC000
|
stack
|
page read and write
|
||
|
19E43000
|
heap
|
page read and write
|
||
|
936000
|
unkown
|
page readonly
|
||
|
19CAA000
|
direct allocation
|
page readonly
|
||
|
388E000
|
stack
|
page read and write
|
||
|
936000
|
unkown
|
page readonly
|
||
|
19DC5000
|
heap
|
page read and write
|
||
|
8D0000
|
unkown
|
page readonly
|
||
|
11AE000
|
stack
|
page read and write
|
||
|
77D000
|
stack
|
page read and write
|
||
|
901000
|
unkown
|
page write copy
|
||
|
8F4000
|
unkown
|
page readonly
|
||
|
10EB000
|
stack
|
page read and write
|
||
|
1375B000
|
stack
|
page read and write
|
||
|
14AF000
|
heap
|
page read and write
|
||
|
9F5E000
|
stack
|
page read and write
|
||
|
19C78000
|
direct allocation
|
page readonly
|
||
|
1130000
|
heap
|
page read and write
|
||
|
13D03000
|
heap
|
page read and write
|
||
|
19CAF000
|
direct allocation
|
page readonly
|
||
|
19CAD000
|
direct allocation
|
page readonly
|
||
|
8F4000
|
unkown
|
page readonly
|
||
|
19DC0000
|
heap
|
page read and write
|
||
|
19BC6000
|
direct allocation
|
page execute read
|
||
|
DFA000
|
heap
|
page read and write
|
||
|
13C5A000
|
heap
|
page read and write
|
||
|
10FC000
|
stack
|
page read and write
|
||
|
1386000
|
heap
|
page read and write
|
||
|
C49D000
|
stack
|
page read and write
|
||
|
139B0000
|
heap
|
page read and write
|
||
|
19C6F000
|
direct allocation
|
page readonly
|
||
|
13ED000
|
heap
|
page read and write
|
||
|
8FF000
|
unkown
|
page write copy
|
||
|
3830000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
DFE000
|
heap
|
page read and write
|
||
|
13CE000
|
heap
|
page read and write
|
||
|
13AF5000
|
heap
|
page read and write
|
||
|
11B5000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
EBDE000
|
stack
|
page read and write
|
||
|
148F000
|
heap
|
page read and write
|
||
|
12EF000
|
heap
|
page read and write
|
||
|
12AA000
|
heap
|
page read and write
|
||
|
1509000
|
heap
|
page read and write
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
521000
|
remote allocation
|
page execute and read and write
|
||
|
D0E000
|
stack
|
page read and write
|
||
|
D40000
|
heap
|
page read and write
|
||
|
146F000
|
heap
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
38B0000
|
heap
|
page read and write
|
||
|
9ADE000
|
stack
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
1385C000
|
stack
|
page read and write
|
||
|
12EF000
|
stack
|
page read and write
|
||
|
10F3000
|
stack
|
page read and write
|
||
|
518000
|
remote allocation
|
page execute and read and write
|
||
|
EB7F000
|
stack
|
page read and write
|
||
|
10EF000
|
stack
|
page read and write
|
||
|
138B0000
|
heap
|
page read and write
|
||
|
19A68000
|
direct allocation
|
page execute read
|
||
|
935000
|
unkown
|
page execute and read and write
|
||
|
136EF000
|
stack
|
page read and write
|
||
|
DF0000
|
heap
|
page read and write
|
||
|
19A60000
|
direct allocation
|
page execute and read and write
|
||
|
13E1000
|
heap
|
page read and write
|
||
|
10EF000
|
stack
|
page read and write
|
||
|
8D0000
|
unkown
|
page readonly
|
||
|
13AFC000
|
heap
|
page read and write
|
||
|
13D01000
|
heap
|
page read and write
|
||
|
19E31000
|
heap
|
page read and write
|
||
|
138A0000
|
heap
|
page read and write
|
||
|
9F1F000
|
stack
|
page read and write
|
||
|
19CA2000
|
direct allocation
|
page read and write
|
||
|
8D1000
|
unkown
|
page execute read
|
||
|
142F000
|
heap
|
page read and write
|
There are 95 hidden memdumps, click here to show them.