Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
ySJ1HwLs9k.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ySJ1HwLs9k.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ySJ1HwLs9k.exe
|
"C:\Users\user\Desktop\ySJ1HwLs9k.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://exmple.com/Uploader.php
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://ip-api.comx
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
208.95.112.1
|
ip-api.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ySJ1HwLs9k_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ySJ1HwLs9k_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ySJ1HwLs9k_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ySJ1HwLs9k_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ySJ1HwLs9k_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ySJ1HwLs9k_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ySJ1HwLs9k_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ySJ1HwLs9k_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ySJ1HwLs9k_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ySJ1HwLs9k_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ySJ1HwLs9k_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ySJ1HwLs9k_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ySJ1HwLs9k_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ySJ1HwLs9k_RASMANCS
|
FileDirectory
|
There are 4 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7FFC01776000
|
trusted library allocation
|
page execute and read and write
|
||
|
240D2261000
|
heap
|
page read and write
|
||
|
8DD000
|
heap
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page read and write
|
||
|
7FFC017B0000
|
trusted library allocation
|
page read and write
|
||
|
126D8000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
1B4D0000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
240D2200000
|
heap
|
page read and write
|
||
|
B83000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
B85000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
trusted library allocation
|
page read and write
|
||
|
8D2000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
BFE50FE000
|
stack
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
BF5000
|
heap
|
page read and write
|
||
|
B81000
|
trusted library allocation
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
1BA0E000
|
stack
|
page read and write
|
||
|
7FFC016A2000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
1B4E8000
|
heap
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
240D2252000
|
heap
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
8B9000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
7FFC0174C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFC01693000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B2CE000
|
stack
|
page read and write
|
||
|
894000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
890000
|
trusted library allocation
|
page read and write
|
||
|
BFE527C000
|
stack
|
page read and write
|
||
|
7FFC016BB000
|
trusted library allocation
|
page execute and read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
935000
|
heap
|
page read and write
|
||
|
7FFC016BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B70000
|
trusted library allocation
|
page read and write
|
||
|
240D227D000
|
heap
|
page read and write
|
||
|
891000
|
trusted library allocation
|
page read and write
|
||
|
892000
|
trusted library allocation
|
page read and write
|
||
|
1B50F000
|
heap
|
page read and write
|
||
|
CFE000
|
stack
|
page read and write
|
||
|
7FFC01750000
|
trusted library allocation
|
page execute and read and write
|
||
|
240D2266000
|
heap
|
page read and write
|
||
|
240D225C000
|
heap
|
page read and write
|
||
|
126DD000
|
trusted library allocation
|
page read and write
|
||
|
7FFC01694000
|
trusted library allocation
|
page read and write
|
||
|
1B3CE000
|
stack
|
page read and write
|
||
|
1BB0D000
|
stack
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
heap
|
page read and write
|
||
|
2650000
|
heap
|
page execute and read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
BFE54F7000
|
stack
|
page read and write
|
||
|
7FFC016B0000
|
trusted library allocation
|
page read and write
|
||
|
BFE507B000
|
stack
|
page read and write
|
||
|
98B000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
7FFC0169D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
929000
|
heap
|
page read and write
|
||
|
1B6CB000
|
stack
|
page read and write
|
||
|
8E4000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
870000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
7FFC016A9000
|
trusted library allocation
|
page read and write
|
||
|
850000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
240D225E000
|
heap
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
DA5000
|
heap
|
page read and write
|
||
|
240D228D000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
240D2308000
|
heap
|
page read and write
|
||
|
884000
|
trusted library allocation
|
page read and write
|
||
|
26C0000
|
heap
|
page read and write
|
||
|
911000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
26D1000
|
trusted library allocation
|
page read and write
|
||
|
90D000
|
heap
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
442000
|
unkown
|
page readonly
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
240D2802000
|
trusted library allocation
|
page read and write
|
||
|
BFE53FF000
|
stack
|
page read and write
|
||
|
440000
|
unkown
|
page readonly
|
||
|
26DE000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page read and write
|
||
|
BFE55FF000
|
stack
|
page read and write
|
||
|
7FFC017C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
240D2229000
|
heap
|
page read and write
|
||
|
BFE517E000
|
stack
|
page read and write
|
||
|
240D1FB0000
|
heap
|
page read and write
|
||
|
898000
|
trusted library allocation
|
page read and write
|
||
|
BFE537B000
|
stack
|
page read and write
|
||
|
1B1CE000
|
stack
|
page read and write
|
||
|
BD0000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
240D2302000
|
heap
|
page read and write
|
||
|
7FFC01850000
|
trusted library allocation
|
page execute and read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
1B90E000
|
stack
|
page read and write
|
||
|
BD0000
|
trusted library allocation
|
page read and write
|
||
|
7FFC016A0000
|
trusted library allocation
|
page read and write
|
||
|
BFE56FF000
|
stack
|
page read and write
|
||
|
7FFC01690000
|
trusted library allocation
|
page read and write
|
||
|
BB0000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
1BC0E000
|
stack
|
page read and write
|
||
|
7FFC016AD000
|
trusted library allocation
|
page execute and read and write
|
||
|
891000
|
trusted library allocation
|
page read and write
|
||
|
890000
|
trusted library allocation
|
page read and write
|
||
|
240D21E0000
|
trusted library allocation
|
page read and write
|
||
|
1B0C0000
|
heap
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
592000
|
stack
|
page read and write
|
||
|
7FFC016EC000
|
trusted library allocation
|
page execute and read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
7FF451990000
|
trusted library allocation
|
page execute and read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
240D2313000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
440000
|
unkown
|
page readonly
|
||
|
126D1000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
276A000
|
trusted library allocation
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
44E000
|
unkown
|
page readonly
|
||
|
B70000
|
trusted library allocation
|
page read and write
|
||
|
240D1FA0000
|
heap
|
page read and write
|
||
|
240D2213000
|
heap
|
page read and write
|
||
|
7FFC01740000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
264F000
|
stack
|
page read and write
|
||
|
1B08A000
|
stack
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
2758000
|
trusted library allocation
|
page read and write
|
||
|
240D2288000
|
heap
|
page read and write
|
||
|
BC0000
|
heap
|
page execute and read and write
|
||
|
240D2010000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
240D2300000
|
heap
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
8AC000
|
heap
|
page read and write
|
||
|
276F000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
1BD0E000
|
stack
|
page read and write
|
||
|
880000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
894000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
||
|
90B000
|
heap
|
page read and write
|
||
|
BA0000
|
trusted library allocation
|
page read and write
|
||
|
7FFC017B2000
|
trusted library allocation
|
page read and write
|
||
|
B80000
|
trusted library allocation
|
page read and write
|
||
|
240D223C000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
1AC4C000
|
stack
|
page read and write
|
||
|
B90000
|
trusted library allocation
|
page read and write
|
There are 188 hidden memdumps, click here to show them.