Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
m0wsoI3.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\freebl3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\mozglue.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\nss3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\softokn3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite-shm
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
|
data
|
dropped
|
|
|
|
C:\Users\user\Desktop\2NOH4EKN
|
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie
0xc, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\Desktop\CBIEU37Q
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie
0xe, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\Desktop\DBAI5X4O
|
SQLite 3.x database, last written using SQLite version 3046000, file counter 14, database pages 6, 1st free page 4, free pages
1, cookie 0x17, schema 4, UTF-8, version-valid-for 14
|
dropped
|
||
|
C:\Users\user\Desktop\HVKX4WTJ
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8,
version-valid-for 7
|
dropped
|
||
|
C:\Users\user\Desktop\LFKFUKFU
|
SQLite 3.x database, last written using SQLite version 3046000, file counter 2, database pages 41, 1st free page 29, free
pages 1, cookie 0x25, schema 4, UTF-8, version-valid-for 2
|
dropped
|
||
|
C:\Users\user\Desktop\QIEKNGVA
|
SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie
0x37, schema 4, UTF-8, version-valid-for 9
|
dropped
|
||
|
C:\Users\user\Desktop\VA16PHVS
|
SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4,
UTF-8, version-valid-for 1
|
dropped
|
||
|
C:\Users\user\Desktop\ZUKFK6PZ
|
SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie
0x4a, schema 4, UTF-8, version-valid-for 5
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\m0wsoI3.exe
|
"C:\Users\user\Desktop\m0wsoI3.exe"
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\user\Desktop\m0wsoI3.exe" & exit
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\timeout.exe
|
timeout /t 5
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ctrlgem.xyz/gate.php
|
|
||
|
http://ctrlgem.xyz/request
|
188.114.97.3
|
|
|
|
http://ctrlgem.xyz/gate.php
|
188.114.97.3
|
|
|
|
https://www.google.com/images/branding/product/ico/googleg_alldp.ico
|
unknown
|
||
|
http://www.mozilla.com/en-US/blocklist/
|
unknown
|
||
|
https://www.ecosia.org/newtab/v20
|
unknown
|
||
|
https://duckduckgo.com/ac/?q=
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
|
unknown
|
||
|
https://duckduckgo.com/chrome_newtabv20-
|
unknown
|
||
|
http://www.mozilla.com0
|
unknown
|
||
|
http://ctrlgem.xyz/requestj
|
unknown
|
||
|
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
|
unknown
|
||
|
https://ac.ecosia.org?q=
|
unknown
|
||
|
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
|
unknown
|
||
|
http://ctrlgem.xyz/requestb
|
unknown
|
||
|
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
|
unknown
|
||
|
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
|
unknown
|
||
|
https://gemini.google.com/app?q=
|
unknown
|
||
|
https://support.mozilla.org/products/firefox
|
unknown
|
There are 12 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ctrlgem.xyz
|
188.114.97.3
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
ctrlgem.xyz
|
European Union
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
401000
|
unkown
|
page execute and read and write
|
|
|
|
43C000
|
unkown
|
page execute and write copy
|
|
|
|
4CE000
|
heap
|
page read and write
|
|
|
|
43C000
|
unkown
|
page execute and read and write
|
|
|
|
78F000
|
stack
|
page read and write
|
||
|
F223000
|
heap
|
page read and write
|
||
|
92BA000
|
heap
|
page read and write
|
||
|
190000
|
stack
|
page read and write
|
||
|
828000
|
heap
|
page read and write
|
||
|
8E7F000
|
stack
|
page read and write
|
||
|
F40F000
|
heap
|
page read and write
|
||
|
100BE000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
F6D8000
|
heap
|
page read and write
|
||
|
82D000
|
heap
|
page read and write
|
||
|
F3E0000
|
heap
|
page read and write
|
||
|
60980000
|
direct allocation
|
page readonly
|
||
|
1F5000
|
heap
|
page read and write
|
||
|
1120C000
|
stack
|
page read and write
|
||
|
106D0000
|
heap
|
page read and write
|
||
|
1130C000
|
stack
|
page read and write
|
||
|
F417000
|
heap
|
page read and write
|
||
|
597000
|
heap
|
page read and write
|
||
|
8D1F000
|
stack
|
page read and write
|
||
|
F3E8000
|
heap
|
page read and write
|
||
|
51D000
|
heap
|
page read and write
|
||
|
21D0000
|
unclassified section
|
page read and write
|
||
|
6096F000
|
direct allocation
|
page readonly
|
||
|
F3E1000
|
heap
|
page read and write
|
||
|
59C000
|
heap
|
page read and write
|
||
|
7CE000
|
stack
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
8ADE000
|
stack
|
page read and write
|
||
|
49E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
828000
|
heap
|
page read and write
|
||
|
828000
|
heap
|
page read and write
|
||
|
6096E000
|
direct allocation
|
page read and write
|
||
|
100FC000
|
heap
|
page read and write
|
||
|
F65B000
|
heap
|
page read and write
|
||
|
F3F8000
|
heap
|
page read and write
|
||
|
F4D0000
|
heap
|
page read and write
|
||
|
6097D000
|
direct allocation
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
F3D0000
|
heap
|
page read and write
|
||
|
2D38000
|
heap
|
page read and write
|
||
|
10051000
|
heap
|
page read and write
|
||
|
60900000
|
direct allocation
|
page execute and read and write
|
||
|
2C8F000
|
stack
|
page read and write
|
||
|
535000
|
heap
|
page read and write
|
||
|
6097B000
|
direct allocation
|
page readonly
|
||
|
19E000
|
stack
|
page read and write
|
||
|
5BA000
|
heap
|
page read and write
|
||
|
427000
|
unkown
|
page read and write
|
||
|
F3E0000
|
heap
|
page read and write
|
||
|
58A000
|
heap
|
page read and write
|
||
|
F3EC000
|
heap
|
page read and write
|
||
|
10730000
|
heap
|
page read and write
|
||
|
92F000
|
stack
|
page read and write
|
||
|
F66F000
|
heap
|
page read and write
|
||
|
F5FA000
|
heap
|
page read and write
|
||
|
2D20000
|
heap
|
page read and write
|
||
|
8FCE000
|
stack
|
page read and write
|
||
|
F3E0000
|
heap
|
page read and write
|
||
|
F3E3000
|
heap
|
page read and write
|
||
|
F672000
|
heap
|
page read and write
|
||
|
F3D1000
|
heap
|
page read and write
|
||
|
F3F2000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
926D000
|
stack
|
page read and write
|
||
|
F3E7000
|
heap
|
page read and write
|
||
|
299C000
|
stack
|
page read and write
|
||
|
41E000
|
unkown
|
page readonly
|
||
|
295C000
|
stack
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
F662000
|
heap
|
page read and write
|
||
|
F40F000
|
heap
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
107DB000
|
stack
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
F3F1000
|
heap
|
page read and write
|
||
|
100E5000
|
heap
|
page read and write
|
||
|
910E000
|
stack
|
page read and write
|
||
|
8BDF000
|
stack
|
page read and write
|
||
|
100F1000
|
heap
|
page read and write
|
||
|
8ECE000
|
stack
|
page read and write
|
||
|
5A2000
|
heap
|
page read and write
|
||
|
439000
|
unkown
|
page readonly
|
||
|
828000
|
heap
|
page read and write
|
||
|
8940000
|
heap
|
page read and write
|
||
|
82C000
|
heap
|
page read and write
|
||
|
46C0000
|
heap
|
page read and write
|
||
|
439000
|
unkown
|
page readonly
|
||
|
106CC000
|
stack
|
page read and write
|
||
|
916E000
|
stack
|
page read and write
|
||
|
18C000
|
stack
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
828000
|
heap
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
4C9000
|
heap
|
page read and write
|
||
|
507000
|
heap
|
page read and write
|
||
|
100F5000
|
heap
|
page read and write
|
||
|
F5E0000
|
heap
|
page read and write
|
||
|
41E000
|
unkown
|
page readonly
|
||
|
2CD0000
|
heap
|
page read and write
|
||
|
899E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
10560000
|
heap
|
page read and write
|
||
|
F3EE000
|
heap
|
page read and write
|
||
|
198000
|
stack
|
page read and write
|
||
|
8C1E000
|
stack
|
page read and write
|
||
|
1045F000
|
heap
|
page read and write
|
||
|
81E000
|
stack
|
page read and write
|
||
|
F3F1000
|
heap
|
page read and write
|
||
|
196000
|
stack
|
page read and write
|
||
|
F3D8000
|
heap
|
page read and write
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
F3DF000
|
heap
|
page read and write
|
||
|
825000
|
heap
|
page read and write
|
||
|
2CCE000
|
stack
|
page read and write
|
||
|
F3D1000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
F3DF000
|
heap
|
page read and write
|
||
|
6097A000
|
direct allocation
|
page read and write
|
||
|
543000
|
heap
|
page read and write
|
||
|
F3DE000
|
heap
|
page read and write
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
F3EF000
|
heap
|
page read and write
|
||
|
900E000
|
stack
|
page read and write
|
||
|
584000
|
heap
|
page read and write
|
||
|
F3DE000
|
heap
|
page read and write
|
||
|
F688000
|
heap
|
page read and write
|
||
|
21CF000
|
stack
|
page read and write
|
||
|
1073A000
|
heap
|
page read and write
|
||
|
60901000
|
direct allocation
|
page execute read
|
||
|
401000
|
unkown
|
page execute and write copy
|
||
|
F678000
|
heap
|
page read and write
|
||
|
8D7E000
|
stack
|
page read and write
|
||
|
8A9F000
|
stack
|
page read and write
|
||
|
10DC0000
|
heap
|
page read and write
|
||
|
100DE000
|
heap
|
page read and write
|
||
|
440000
|
heap
|
page read and write
|
There are 134 hidden memdumps, click here to show them.