Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
INV NO -609983773 60983768.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\INV NO -609983773 60983768.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\INV NO -609983773 60983768.exe
|
C:\Users\user\Desktop\INV NO -609983773 60983768.exe
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
172.111.234.110
|
|
||
|
https://opensource.bulkpdf.de/Whttps://opensource.bulkpdf.de/documentation
|
unknown
|
||
|
https://opensource.bulkpdf.de/documentation
|
unknown
|
||
|
https://opensource.bulkpdf.de/
|
unknown
|
||
|
http://fsf.org/
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
||
|
http://itextpdf.com/terms-of-use/
|
unknown
|
||
|
http://www.gnu.org/licenses
|
unknown
|
||
|
http://www.gnu.org/licenses/gpl-faq.html#FontException
|
unknown
|
||
|
http://www.gnu.org/licenses/
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
13DB3EAF000
|
trusted library allocation
|
page read and write
|
|
|
|
13DB3F8F000
|
trusted library allocation
|
page read and write
|
|
|
|
13DA2350000
|
trusted library allocation
|
page read and write
|
||
|
13DA2430000
|
trusted library allocation
|
page read and write
|
||
|
17A58440000
|
remote allocation
|
page read and write
|
||
|
13DA2420000
|
trusted library allocation
|
page read and write
|
||
|
13DBBE10000
|
trusted library allocation
|
page read and write
|
||
|
13DA22F0000
|
trusted library allocation
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
13DA2400000
|
trusted library allocation
|
page read and write
|
||
|
13DB3DE7000
|
trusted library allocation
|
page read and write
|
||
|
7FFDC38E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
13DA2330000
|
trusted library allocation
|
page read and write
|
||
|
14BB8EF0000
|
remote allocation
|
page read and write
|
||
|
265FFF40000
|
remote allocation
|
page read and write
|
||
|
13DA3DB0000
|
trusted library allocation
|
page read and write
|
||
|
13DA216B000
|
heap
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
13DA213A000
|
heap
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
7FFDC390B000
|
trusted library allocation
|
page execute and read and write
|
||
|
13DA2169000
|
heap
|
page read and write
|
||
|
1C89CFF000
|
stack
|
page read and write
|
||
|
13DA2340000
|
trusted library allocation
|
page read and write
|
||
|
13DA2312000
|
trusted library allocation
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
13DB3DE3000
|
trusted library allocation
|
page read and write
|
||
|
7FFDC38F4000
|
trusted library allocation
|
page read and write
|
||
|
13DA2450000
|
trusted library allocation
|
page read and write
|
||
|
13DA22D0000
|
trusted library allocation
|
page read and write
|
||
|
13DA3D70000
|
trusted library allocation
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
13DA2330000
|
trusted library allocation
|
page read and write
|
||
|
17A58440000
|
remote allocation
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
7FFDC3A07000
|
trusted library allocation
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
13DA2460000
|
trusted library allocation
|
page read and write
|
||
|
7FFDC38F0000
|
trusted library allocation
|
page read and write
|
||
|
13DA2410000
|
heap
|
page execute and read and write
|
||
|
13DA2490000
|
trusted library allocation
|
page read and write
|
||
|
13DA2340000
|
trusted library allocation
|
page read and write
|
||
|
13DA2360000
|
trusted library allocation
|
page read and write
|
||
|
7FFDC3990000
|
trusted library allocation
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
13DA2321000
|
trusted library allocation
|
page read and write
|
||
|
13DA24A0000
|
trusted library allocation
|
page read and write
|
||
|
13DA244C000
|
trusted library allocation
|
page read and write
|
||
|
13DA20C0000
|
heap
|
page read and write
|
||
|
1C89594000
|
stack
|
page read and write
|
||
|
13DA2109000
|
heap
|
page read and write
|
||
|
13DA2350000
|
trusted library allocation
|
page read and write
|
||
|
13DA1F40000
|
unkown
|
page readonly
|
||
|
13DB3DE1000
|
trusted library allocation
|
page read and write
|
||
|
1C89BFD000
|
stack
|
page read and write
|
||
|
24BC9880000
|
remote allocation
|
page read and write
|
||
|
13DA2420000
|
trusted library allocation
|
page read and write
|
||
|
265FFF40000
|
remote allocation
|
page read and write
|
||
|
13DA2340000
|
trusted library allocation
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
13DA2320000
|
trusted library allocation
|
page read and write
|
||
|
1C899FE000
|
stack
|
page read and write
|
||
|
13DA2020000
|
heap
|
page read and write
|
||
|
7FFDC38E4000
|
trusted library allocation
|
page read and write
|
||
|
7FFDC39A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13DA2304000
|
trusted library allocation
|
page read and write
|
||
|
13DA231D000
|
trusted library allocation
|
page read and write
|
||
|
7FFDC393C000
|
trusted library allocation
|
page execute and read and write
|
||
|
13DA3DE1000
|
trusted library allocation
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
13DA20A0000
|
heap
|
page read and write
|
||
|
7FFDC3A00000
|
trusted library allocation
|
page read and write
|
||
|
13DA2360000
|
trusted library allocation
|
page read and write
|
||
|
13DA3DC0000
|
trusted library allocation
|
page read and write
|
||
|
13DA24B5000
|
heap
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
7FF43DE20000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFDC3900000
|
trusted library allocation
|
page read and write
|
||
|
1C89DFE000
|
stack
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
7FFDC390D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C898FE000
|
stack
|
page read and write
|
||
|
7FFDC38ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
13DA2330000
|
trusted library allocation
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
13DA2400000
|
trusted library allocation
|
page read and write
|
||
|
13DA3D80000
|
trusted library allocation
|
page read and write
|
||
|
7FFDC39C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
13DA2320000
|
trusted library allocation
|
page read and write
|
||
|
24BC9880000
|
remote allocation
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
7FFDC38E0000
|
trusted library allocation
|
page read and write
|
||
|
13DA2430000
|
trusted library allocation
|
page read and write
|
||
|
13DA1F42000
|
unkown
|
page readonly
|
||
|
13DA2350000
|
trusted library allocation
|
page read and write
|
||
|
7FFDC3A03000
|
trusted library allocation
|
page read and write
|
||
|
13DA2370000
|
heap
|
page read and write
|
||
|
13DBC490000
|
heap
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
1C89EFF000
|
stack
|
page read and write
|
||
|
13DA24B0000
|
heap
|
page read and write
|
||
|
13DA2080000
|
heap
|
page read and write
|
||
|
13DA2324000
|
trusted library allocation
|
page read and write
|
||
|
1C89AFE000
|
stack
|
page read and write
|
||
|
13DBC670000
|
heap
|
page execute and read and write
|
||
|
13DA3DD0000
|
heap
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
2BC033B0000
|
remote allocation
|
page read and write
|
||
|
13DA1F42000
|
unkown
|
page readonly
|
||
|
13DA233B000
|
trusted library allocation
|
page read and write
|
||
|
13DA2440000
|
trusted library allocation
|
page read and write
|
||
|
2BC033B0000
|
remote allocation
|
page read and write
|
||
|
13DA2320000
|
trusted library allocation
|
page read and write
|
||
|
13DA2420000
|
trusted library section
|
page read and write
|
||
|
13DA213D000
|
heap
|
page read and write
|
||
|
13DA2129000
|
heap
|
page read and write
|
||
|
13DA3D90000
|
trusted library allocation
|
page read and write
|
||
|
13DA2470000
|
trusted library allocation
|
page read and write
|
||
|
13DA2320000
|
trusted library allocation
|
page read and write
|
||
|
7FFDC3A10000
|
trusted library allocation
|
page execute and read and write
|
||
|
13DA2320000
|
trusted library allocation
|
page read and write
|
||
|
13DA3DA0000
|
trusted library allocation
|
page read and write
|
||
|
1C89FFE000
|
stack
|
page read and write
|
||
|
13DA2100000
|
heap
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
13DA1F40000
|
unkown
|
page readonly
|
||
|
7FFDC38FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
13DA2360000
|
trusted library allocation
|
page read and write
|
||
|
13DA2480000
|
trusted library allocation
|
page read and write
|
||
|
13DA2320000
|
trusted library allocation
|
page read and write
|
||
|
13DA2375000
|
heap
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
||
|
13DA23F0000
|
heap
|
page read and write
|
||
|
13DA213F000
|
heap
|
page read and write
|
||
|
14BB8EF0000
|
remote allocation
|
page read and write
|
||
|
13DA2300000
|
trusted library allocation
|
page read and write
|
||
|
13DA3DB4000
|
trusted library allocation
|
page read and write
|
||
|
13DA2400000
|
trusted library allocation
|
page read and write
|
||
|
13DA2310000
|
trusted library allocation
|
page read and write
|
There are 132 hidden memdumps, click here to show them.