Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
http://verodin_backend.exe
|
URL
|
initial url
|
 |
|
|
C:\Users\user\Desktop\cmdline.out
|
ASCII text, with CRLF line terminators
|
modified
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition
--user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://verodin_backend.exe' > cmdline.out
2>&1
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\SysWOW64\wget.exe
|
wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0
(Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://verodin_backend.exe'
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://verodin_backend.exe
|
unknown
|
|
|
|
http://verodin_backend.exe/
|
unknown
|
|
|
|
http://verodin_backend.exe/nd.e
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
verodin_backend.exe
|
unknown
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
91CE87C000
|
unkown
|
page read and write
|
|
|
|
10C5000
|
heap private
|
page read and write
|
|
|
|
20B35920000
|
heap default
|
page read and write
|
|
|
|
20B35E00000
|
unkown
|
page readonly
|
|
|
|
105E000
|
unkown
|
page read and write
|
|
|
|
7FF58A493000
|
unkown
|
page readonly
|
|
|
|
7FF58A689000
|
unkown
|
page readonly
|
|
|
|
7FF58A5CF000
|
unkown
|
page readonly
|
|
|
|
20B35A74000
|
unkown
|
page read and write
|
|
|
|
20B36400000
|
unkown
|
page readonly
|
|
|
|
7FF58A4C7000
|
unkown
|
page readonly
|
|
|
|
2BB0000
|
unkown
|
page readonly
|
|
|
|
9D8000
|
heap default
|
page read and write
|
|
|
|
20B35A3C000
|
unkown
|
page read and write
|
|
|
|
7FF58A190000
|
unkown
|
page readonly
|
|
|
|
7FF58A60C000
|
unkown
|
page readonly
|
|
|
|
7FF58A627000
|
unkown
|
page readonly
|
|
|
|
7FF58A580000
|
unkown
|
page readonly
|
|
|
|
7FF58A5ED000
|
unkown
|
page readonly
|
|
|
|
7FF58A5BE000
|
unkown
|
page readonly
|
|
|
|
7FF589D6C000
|
unkown
|
page readonly
|
|
|
|
1C0000
|
unkown
|
page read and write
|
|
|
|
10D0000
|
unkown
|
page readonly
|
|
|
|
2FAF000
|
unkown
|
page read and write
|
|
|
|
7FF58A180000
|
unkown
|
page readonly
|
|
|
|
20B35FA0000
|
unkown
|
page readonly
|
|
|
|
37E000
|
unkown
|
page read and write
|
|
|
|
7FF58A620000
|
unkown
|
page readonly
|
|
|
|
9CC000
|
unkown
|
page read and write
|
|
|
|
7FF58A624000
|
unkown
|
page readonly
|
|
|
|
1B0000
|
unkown
|
page read and write
|
|
|
|
7FF58A689000
|
unkown
|
page readonly
|
|
|
|
91CEA7C000
|
unkown
|
page read and write
|
|
|
|
13E000
|
unkown
|
page read and write
|
|
|
|
20B36070000
|
unkown
|
page readonly
|
|
|
|
180000
|
unkown
|
page read and write
|
|
|
|
7FF58A3AA000
|
unkown
|
page readonly
|
|
|
|
37B000
|
unkown
|
page read and write
|
|
|
|
7FF58A40F000
|
unkown
|
page readonly
|
|
|
|
20B35A13000
|
unkown
|
page read and write
|
|
|
|
20B358C0000
|
heap private
|
page read and write
|
|
|
|
7FF58A592000
|
unkown
|
page readonly
|
|
|
|
91CEEFF000
|
unkown
|
page read and write
|
|
|
|
20B35B02000
|
unkown
|
page read and write
|
|
|
|
7FF58A17A000
|
unkown
|
page readonly
|
|
|
|
7FF58A606000
|
unkown
|
page readonly
|
|
|
|
91CE97E000
|
unkown
|
page read and write
|
|
|
|
7FF58A4C1000
|
unkown
|
page readonly
|
|
|
|
91CEBFE000
|
unkown
|
page read and write
|
|
|
|
7FF58A4FC000
|
unkown
|
page readonly
|
|
|
|
7FF58A598000
|
unkown
|
page readonly
|
|
|
|
7FF58A44E000
|
unkown
|
page readonly
|
|
|
|
7FF58A582000
|
unkown
|
page readonly
|
|
|
|
7FF58A45A000
|
unkown
|
page readonly
|
|
|
|
91CEB7B000
|
unkown
|
page read and write
|
|
|
|
9D0000
|
heap default
|
page read and write
|
|
|
|
7FF589E69000
|
unkown
|
page readonly
|
|
|
|
36B000
|
unkown
|
page read and write
|
|
|
|
F9F000
|
unkown
|
page read and write
|
|
|
|
7FF58A5C5000
|
unkown
|
page readonly
|
|
|
|
7FF58A596000
|
unkown
|
page readonly
|
|
|
|
20B35930000
|
unkown
|
page readonly
|
|
|
|
9D000
|
unkown
|
page read and write
|
|
|
|
10C0000
|
heap private
|
page read and write
|
|
|
|
7FF58A5D9000
|
unkown
|
page readonly
|
|
|
|
2870000
|
unkown
|
page readonly
|
|
|
|
20B35A29000
|
unkown
|
page read and write
|
|
|
|
20B35A6F000
|
unkown
|
page read and write
|
|
|
|
AD0000
|
unkown
|
page readonly
|
|
|
|
7FF589D72000
|
unkown
|
page readonly
|
|
|
|
1A6000
|
heap default
|
page read and write
|
|
|
|
7FF58A5AA000
|
unkown
|
page readonly
|
|
|
|
7FF58A615000
|
unkown
|
page readonly
|
|
|
|
1A0000
|
heap default
|
page read and write
|
|
|
|
20B35B13000
|
unkown
|
page read and write
|
|
|
|
A02000
|
heap default
|
page read and write
|
|
|
|
17E000
|
unkown
|
page read and write
|
|
|
|
91CECF7000
|
unkown
|
page read and write
|
|
|
|
7FF58A5FC000
|
unkown
|
page readonly
|
|
|
|
7FF58A478000
|
unkown
|
page readonly
|
|
|
|
91CEDFF000
|
unkown
|
page read and write
|
|
|
|
190000
|
unkown
|
page readonly
|
|
|
|
101E000
|
unkown
|
page read and write
|
|
|
|
20B35C00000
|
unkown
|
page readonly
|
|
|
|
7FF58A5F6000
|
unkown
|
page readonly
|
|
|
|
20B35A81000
|
unkown
|
page read and write
|
|
|
|
9F6000
|
heap default
|
page read and write
|
|
|
|
91CE8FE000
|
unkown
|
page read and write
|
|
|
|
D9F000
|
unkown
|
page read and write
|
|
|
|
36F000
|
unkown
|
page read and write
|
|
|
|
20B36080000
|
unkown
|
page read and write
|
|
|
|
31AF000
|
unkown
|
page read and write
|
|
|
|
7FF58A67E000
|
unkown
|
page readonly
|
|
|
|
20B36202000
|
unkown
|
page read and write
|
|
|
|
7FF58A681000
|
unkown
|
page readonly
|
|
|
|
20B35A00000
|
unkown
|
page read and write
|
|
There are 86 hidden memdumps, click here to show them.