Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
http://45.227.255.235:39486/dwm7.exe
|
URL
|
initial url
|
 |
|
|
C:\Users\user\Desktop\cmdline.out
|
ASCII text, with CRLF line terminators
|
modified
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\cmd.exe
|
C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition
--user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://45.227.255.235:39486/dwm7.exe'
> cmdline.out 2>&1
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
|
|
|
C:\Windows\SysWOW64\wget.exe
|
wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0
(Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'http://45.227.255.235:39486/dwm7.exe'
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://45.227.255.235:39486/dwm7.exe%
|
unknown
|
|
|
|
http://45.227.255.235:39486/dwm7.exe5
|
unknown
|
|
|
|
http://45.227.255.235:39486/dwm7.exe2
|
unknown
|
|
|
|
http://45.227.255.235:39486/dwm7.exe
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.227.255.23
|
unknown
|
Panama
|
 |
|
|
45.227.255.235
|
unknown
|
Panama
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1E493B10000
|
heap private
|
page read and write
|
|
|
|
C92A375000
|
unkown
|
page read and write
|
|
|
|
7FF5B7160000
|
unkown
|
page readonly
|
|
|
|
7FF5B75DC000
|
unkown
|
page readonly
|
|
|
|
7FF5B75BD000
|
unkown
|
page readonly
|
|
|
|
1E494940000
|
unkown
|
page readonly
|
|
|
|
1E493C5B000
|
unkown
|
page read and write
|
|
|
|
1E493C58000
|
unkown
|
page read and write
|
|
|
|
7FF5B7463000
|
unkown
|
page readonly
|
|
|
|
1E493D02000
|
unkown
|
page read and write
|
|
|
|
9CC000
|
unkown
|
page read and write
|
|
|
|
7FF5B75E5000
|
unkown
|
page readonly
|
|
|
|
FAF000
|
unkown
|
page read and write
|
|
|
|
7FF5B7491000
|
unkown
|
page readonly
|
|
|
|
C92A77E000
|
unkown
|
page read and write
|
|
|
|
1E493D00000
|
unkown
|
page read and write
|
|
|
|
24D000
|
unkown
|
page read and write
|
|
|
|
7FF5B746D000
|
unkown
|
page readonly
|
|
|
|
C929F2B000
|
unkown
|
page read and write
|
|
|
|
1E494402000
|
unkown
|
page read and write
|
|
|
|
7FF5B758E000
|
unkown
|
page readonly
|
|
|
|
7FF5B757A000
|
unkown
|
page readonly
|
|
|
|
7FF5B722A000
|
unkown
|
page readonly
|
|
|
|
1E493C27000
|
unkown
|
page read and write
|
|
|
|
1E494600000
|
unkown
|
page readonly
|
|
|
|
C92A27E000
|
unkown
|
page read and write
|
|
|
|
1E493C29000
|
unkown
|
page read and write
|
|
|
|
1145000
|
heap private
|
page read and write
|
|
|
|
7FF5B7552000
|
unkown
|
page readonly
|
|
|
|
249000
|
unkown
|
page read and write
|
|
|
|
1E493BA0000
|
unkown
|
page read and write
|
|
|
|
A0E000
|
unkown
|
page read and write
|
|
|
|
9D000
|
unkown
|
page read and write
|
|
|
|
7FF5B7568000
|
unkown
|
page readonly
|
|
|
|
DAF000
|
unkown
|
page read and write
|
|
|
|
7FF5B75C6000
|
unkown
|
page readonly
|
|
|
|
100000
|
unkown
|
page readonly
|
|
|
|
1E493E00000
|
unkown
|
page readonly
|
|
|
|
B6E000
|
unkown
|
page read and write
|
|
|
|
7FF5B6D4B000
|
unkown
|
page readonly
|
|
|
|
1E493C02000
|
unkown
|
page read and write
|
|
|
|
7FF5B764E000
|
unkown
|
page readonly
|
|
|
|
7FF5B7595000
|
unkown
|
page readonly
|
|
|
|
C929FAE000
|
unkown
|
page read and write
|
|
|
|
1D0000
|
unkown
|
page read and write
|
|
|
|
7FF5B75D6000
|
unkown
|
page readonly
|
|
|
|
1E493B70000
|
heap default
|
page read and write
|
|
|
|
1E493C5E000
|
unkown
|
page read and write
|
|
|
|
7FF5B7562000
|
unkown
|
page readonly
|
|
|
|
7FF5B759F000
|
unkown
|
page readonly
|
|
|
|
1150000
|
unkown
|
page readonly
|
|
|
|
A30000
|
heap default
|
page read and write
|
|
|
|
C92A577000
|
unkown
|
page read and write
|
|
|
|
1E493C56000
|
unkown
|
page read and write
|
|
|
|
7FF5B75A9000
|
unkown
|
page readonly
|
|
|
|
1E493D13000
|
unkown
|
page read and write
|
|
|
|
7FF5B741E000
|
unkown
|
page readonly
|
|
|
|
C92A47B000
|
unkown
|
page read and write
|
|
|
|
7FF5B75CC000
|
unkown
|
page readonly
|
|
|
|
7FF5B7497000
|
unkown
|
page readonly
|
|
|
|
7FF5B73DF000
|
unkown
|
page readonly
|
|
|
|
7FF5B7566000
|
unkown
|
page readonly
|
|
|
|
7FF5B7659000
|
unkown
|
page readonly
|
|
|
|
7FF5B737A000
|
unkown
|
page readonly
|
|
|
|
C92A67E000
|
unkown
|
page read and write
|
|
|
|
7FF5B7448000
|
unkown
|
page readonly
|
|
|
|
1E0000
|
unkown
|
page readonly
|
|
|
|
1E493ED0000
|
unkown
|
page readonly
|
|
|
|
BA0000
|
heap default
|
page read and write
|
|
|
|
7FF5B75F7000
|
unkown
|
page readonly
|
|
|
|
1E493B80000
|
unkown
|
page readonly
|
|
|
|
1F0000
|
unkown
|
page read and write
|
|
|
|
A38000
|
heap default
|
page read and write
|
|
|
|
1E493C13000
|
unkown
|
page read and write
|
|
|
|
BA6000
|
heap default
|
page read and write
|
|
|
|
7FF5B714A000
|
unkown
|
page readonly
|
|
|
|
7FF5B7659000
|
unkown
|
page readonly
|
|
|
|
7FF5B74CC000
|
unkown
|
page readonly
|
|
|
|
1E493C83000
|
unkown
|
page read and write
|
|
|
|
1E493C3C000
|
unkown
|
page read and write
|
|
|
|
7FF5B75F0000
|
unkown
|
page readonly
|
|
|
|
1E493C00000
|
unkown
|
page read and write
|
|
|
|
7FF5B742A000
|
unkown
|
page readonly
|
|
|
|
1E493D08000
|
unkown
|
page read and write
|
|
|
|
1E493B90000
|
unkown
|
page readonly
|
|
|
|
7FF5B7651000
|
unkown
|
page readonly
|
|
|
|
7FF5B7550000
|
unkown
|
page readonly
|
|
|
|
1E493C66000
|
unkown
|
page read and write
|
|
|
|
1140000
|
heap private
|
page read and write
|
|
|
|
7FF5B75F4000
|
unkown
|
page readonly
|
|
|
|
1E493C61000
|
unkown
|
page read and write
|
|
|
|
2760000
|
unkown
|
page readonly
|
|
|
|
7FF5B7150000
|
unkown
|
page readonly
|
|
|
|
A10000
|
unkown
|
page read and write
|
|
There are 84 hidden memdumps, click here to show them.