Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
http://45.227.255.235:39486/dwm6.exe
|
URL
|
initial url
|
 |
|
|
C:\Users\user\Desktop\cmdline.out
|
ASCII text, with CRLF line terminators
|
modified
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition
--user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://45.227.255.235:39486/dwm6.exe'
> cmdline.out 2>&1
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\SysWOW64\wget.exe
|
wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0
(Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://45.227.255.235:39486/dwm6.exe'
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://45.227.255.235:39486/dwm6.exe
|
unknown
|
|
|
|
http://45.227.255.235:39486/dwm6.exe4
|
unknown
|
|
|
|
http://45.227.255.235:39486/dwm6.exe#
|
unknown
|
|
|
|
http://45.227.255.235:39486/dwm6.exe3
|
unknown
|
|
|
|
http://45.227.255.235:39486/dwm6.exe-
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.227.255.23
|
unknown
|
Panama
|
 |
|
|
45.227.255.235
|
unknown
|
Panama
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
110000
|
unkown
|
page readonly
|
|
|
|
24E474B0000
|
heap private
|
page read and write
|
|
|
|
354000
|
unkown
|
page read and write
|
|
|
|
A60000
|
unkown
|
page read and write
|
|
|
|
7FF5C78BD000
|
unkown
|
page readonly
|
|
|
|
24E47662000
|
unkown
|
page read and write
|
|
|
|
11D0000
|
unkown
|
page readonly
|
|
|
|
7FF5C77CA000
|
unkown
|
page readonly
|
|
|
|
7FF5C79B6000
|
unkown
|
page readonly
|
|
|
|
7FF5C7A1C000
|
unkown
|
page readonly
|
|
|
|
7FF5C75A0000
|
unkown
|
page readonly
|
|
|
|
7FF5C7A16000
|
unkown
|
page readonly
|
|
|
|
24E47C70000
|
unkown
|
page read and write
|
|
|
|
24E47E02000
|
unkown
|
page read and write
|
|
|
|
1E0000
|
unkown
|
page read and write
|
|
|
|
11C5000
|
heap private
|
page read and write
|
|
|
|
24E47600000
|
unkown
|
page read and write
|
|
|
|
24E4762E000
|
unkown
|
page read and write
|
|
|
|
24E47702000
|
unkown
|
page read and write
|
|
|
|
B4EF5F5000
|
unkown
|
page read and write
|
|
|
|
A0E000
|
unkown
|
page read and write
|
|
|
|
7FF5C7A2C000
|
unkown
|
page readonly
|
|
|
|
B4EF8FF000
|
unkown
|
page read and write
|
|
|
|
7FF5C7A26000
|
unkown
|
page readonly
|
|
|
|
7FF5C78E7000
|
unkown
|
page readonly
|
|
|
|
7FF5C79A0000
|
unkown
|
page readonly
|
|
|
|
24E47800000
|
unkown
|
page readonly
|
|
|
|
7FF5C78E1000
|
unkown
|
page readonly
|
|
|
|
7FF5C79A2000
|
unkown
|
page readonly
|
|
|
|
B4EF1DB000
|
unkown
|
page read and write
|
|
|
|
7FF5C787A000
|
unkown
|
page readonly
|
|
|
|
7FF5C782F000
|
unkown
|
page readonly
|
|
|
|
7FF5C7A35000
|
unkown
|
page readonly
|
|
|
|
7FF5C7A47000
|
unkown
|
page readonly
|
|
|
|
7FF5C791C000
|
unkown
|
page readonly
|
|
|
|
7FF5C7A9E000
|
unkown
|
page readonly
|
|
|
|
7FF5C79DE000
|
unkown
|
page readonly
|
|
|
|
B28000
|
heap default
|
page read and write
|
|
|
|
7FF5C79B8000
|
unkown
|
page readonly
|
|
|
|
24E47520000
|
unkown
|
page readonly
|
|
|
|
24E47665000
|
unkown
|
page read and write
|
|
|
|
7FF5C7AA1000
|
unkown
|
page readonly
|
|
|
|
B4EF47E000
|
unkown
|
page read and write
|
|
|
|
7FF5C7A40000
|
unkown
|
page readonly
|
|
|
|
24E47713000
|
unkown
|
page read and write
|
|
|
|
A50000
|
unkown
|
page read and write
|
|
|
|
9CC000
|
unkown
|
page read and write
|
|
|
|
7FF5C79B2000
|
unkown
|
page readonly
|
|
|
|
7FF5C7898000
|
unkown
|
page readonly
|
|
|
|
7FF5C79CA000
|
unkown
|
page readonly
|
|
|
|
9D000
|
unkown
|
page read and write
|
|
|
|
24E47708000
|
unkown
|
page read and write
|
|
|
|
7FF5C79EF000
|
unkown
|
page readonly
|
|
|
|
7FF5C7A44000
|
unkown
|
page readonly
|
|
|
|
27E0000
|
unkown
|
page readonly
|
|
|
|
7FF5C79F9000
|
unkown
|
page readonly
|
|
|
|
24E47C60000
|
unkown
|
page readonly
|
|
|
|
7FF5C7AA9000
|
unkown
|
page readonly
|
|
|
|
24E47654000
|
unkown
|
page read and write
|
|
|
|
24E4765D000
|
unkown
|
page read and write
|
|
|
|
24E47510000
|
heap default
|
page read and write
|
|
|
|
106000
|
heap default
|
page read and write
|
|
|
|
B4EF9FE000
|
unkown
|
page read and write
|
|
|
|
11C0000
|
heap private
|
page read and write
|
|
|
|
7FF5C7AA9000
|
unkown
|
page readonly
|
|
|
|
7FF5C7A0D000
|
unkown
|
page readonly
|
|
|
|
24E47629000
|
unkown
|
page read and write
|
|
|
|
B4EF4FD000
|
unkown
|
page read and write
|
|
|
|
24E475F0000
|
unkown
|
page readonly
|
|
|
|
24E48000000
|
unkown
|
page readonly
|
|
|
|
101F000
|
unkown
|
page read and write
|
|
|
|
24E4765F000
|
unkown
|
page read and write
|
|
|
|
24E47613000
|
unkown
|
page read and write
|
|
|
|
B4EF6FB000
|
unkown
|
page read and write
|
|
|
|
24E47661000
|
unkown
|
page read and write
|
|
|
|
7FF5C75B0000
|
unkown
|
page readonly
|
|
|
|
24E4763C000
|
unkown
|
page read and write
|
|
|
|
B4EF7F7000
|
unkown
|
page read and write
|
|
|
|
100000
|
heap default
|
page read and write
|
|
|
|
7FF5C786E000
|
unkown
|
page readonly
|
|
|
|
B20000
|
heap default
|
page read and write
|
|
|
|
7FF5C759A000
|
unkown
|
page readonly
|
|
|
|
24E4765C000
|
unkown
|
page read and write
|
|
|
|
24E47686000
|
unkown
|
page read and write
|
|
|
|
7FF5C78B3000
|
unkown
|
page readonly
|
|
|
|
1F0000
|
unkown
|
page readonly
|
|
|
|
24E47700000
|
unkown
|
page read and write
|
|
|
|
E1F000
|
unkown
|
page read and write
|
|
|
|
7FF5C79E5000
|
unkown
|
page readonly
|
|
|
|
24E4768E000
|
unkown
|
page read and write
|
|
|
|
24E47CC0000
|
unkown
|
page readonly
|
|
|
|
A4E000
|
unkown
|
page read and write
|
|
|
|
350000
|
unkown
|
page read and write
|
|
There are 83 hidden memdumps, click here to show them.