Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\2F60.tmp
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\AEC4.tmp
|
ASCII text, with CRLF line terminators
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll,FgnfMvSNFULXZx
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll,KVpawdrrKTUjeZuk
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\c2b80b8cbd660c3208162ed596e0443ea8f786b6fd1f809f2d2a1e07fe6475cd.dll",#1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd /c "echo Commands" >> C:\Users\user\AppData\Local\Temp\2F60.tmp
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd /c "dir" >> C:\Users\user\AppData\Local\Temp\2F60.tmp
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\cmd.exe
|
cmd /c "echo Commands" >> C:\Users\user~1\AppData\Local\Temp\AEC4.tmp
|
||
|
C:\Windows\System32\cmd.exe
|
cmd /c "dir" >> C:\Users\user~1\AppData\Local\Temp\AEC4.tmp
|
There are 4 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://higmon.cyouhttps://prises.cyou
|
unknown
|
|
|
|
https://higmon.cyou/index.html
|
unknown
|
|
|
|
https://higmon.cyou
|
unknown
|
|
|
|
https://higmon.cyou/
|
unknown
|
|
|
|
https://higmon.cyou/index.htmlce
|
unknown
|
|
|
|
https://my.tealiumiq.com/urest/legacy/tagcompanion/getProfile?utid=
|
unknown
|
||
|
https://http://Mozilla/5.0
|
unknown
|
||
|
https://prises.cyou
|
unknown
|
||
|
https://higmon.cyou/index.html7b9a
|
unknown
|
||
|
https://higmon.cyouhttps://prises.cyouR
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
higmon.cyou
|
45.8.147.179
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.8.147.179
|
higmon.cyou
|
Russian Federation
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1FF741F5000
|
heap
|
page read and write
|
||
|
1FF73EC0000
|
unkown
|
page readonly
|
||
|
1D86D010000
|
unkown
|
page read and write
|
||
|
2233FC25000
|
heap
|
page read and write
|
||
|
23124204000
|
heap
|
page read and write
|
||
|
71B000
|
stack
|
page read and write
|
||
|
E199AFF000
|
unkown
|
page read and write
|
||
|
1D86CFF0000
|
unkown
|
page readonly
|
||
|
20DA3AA2000
|
heap
|
page read and write
|
||
|
20DA1DD7000
|
heap
|
page read and write
|
||
|
E1997C8000
|
stack
|
page read and write
|
||
|
18000E000
|
direct allocation
|
page readonly
|
||
|
1D86D010000
|
unkown
|
page read and write
|
||
|
1FF73F40000
|
heap
|
page read and write
|
||
|
20D6AF50000
|
heap
|
page read and write
|
||
|
23122610000
|
heap
|
page read and write
|
||
|
1FF73ED0000
|
unkown
|
page readonly
|
||
|
20D6CA40000
|
heap
|
page read and write
|
||
|
23124010000
|
heap
|
page read and write
|
||
|
1FF73EE0000
|
unkown
|
page read and write
|
||
|
23122673000
|
heap
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
1D86D000000
|
unkown
|
page readonly
|
||
|
23124122000
|
heap
|
page read and write
|
||
|
2C3D000
|
stack
|
page read and write
|
||
|
1D86D3D0000
|
heap
|
page read and write
|
||
|
7F0000
|
remote allocation
|
page read and write
|
||
|
B34000
|
heap
|
page read and write
|
||
|
B2A000
|
heap
|
page read and write
|
||
|
5E5C59F000
|
stack
|
page read and write
|
||
|
2650000
|
heap
|
page read and write
|
||
|
2233E170000
|
heap
|
page read and write
|
||
|
20DA3AB1000
|
heap
|
page read and write
|
||
|
7C0000
|
direct allocation
|
page execute and read and write
|
||
|
ADF000
|
heap
|
page read and write
|
||
|
1D86D3D9000
|
heap
|
page read and write
|
||
|
20DA2060000
|
heap
|
page read and write
|
||
|
23122640000
|
direct allocation
|
page execute and read and write
|
||
|
2233E3B5000
|
heap
|
page read and write
|
||
|
8EBEEFF000
|
stack
|
page read and write
|
||
|
5E5C87F000
|
stack
|
page read and write
|
||
|
B2696FC000
|
stack
|
page read and write
|
||
|
1FF741F9000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
A98000
|
heap
|
page read and write
|
||
|
18000E000
|
direct allocation
|
page readonly
|
||
|
1D86D230000
|
heap
|
page read and write
|
||
|
1FF74200000
|
heap
|
page read and write
|
||
|
20DA1D10000
|
heap
|
page read and write
|
||
|
7FFA0AE61000
|
unkown
|
page execute read
|
||
|
2CBC000
|
stack
|
page read and write
|
||
|
20DA2065000
|
heap
|
page read and write
|
||
|
1D86D000000
|
unkown
|
page readonly
|
||
|
B06000
|
heap
|
page read and write
|
||
|
87156FD000
|
stack
|
page read and write
|
||
|
2233FDA0000
|
heap
|
page read and write
|
||
|
20DA1D30000
|
heap
|
page read and write
|
||
|
18000B000
|
direct allocation
|
page readonly
|
||
|
18000B000
|
direct allocation
|
page readonly
|
||
|
20D6AED0000
|
heap
|
page read and write
|
||
|
7FFA0AE60000
|
unkown
|
page readonly
|
||
|
1FF741F9000
|
heap
|
page read and write
|
||
|
2233E1FB000
|
heap
|
page read and write
|
||
|
1FF73E80000
|
heap
|
page read and write
|
||
|
180001000
|
direct allocation
|
page execute read
|
||
|
1FF73F99000
|
heap
|
page read and write
|
||
|
E40000
|
heap
|
page read and write
|
||
|
27E0000
|
heap
|
page read and write
|
||
|
231241F0000
|
heap
|
page read and write
|
||
|
20DA1DB0000
|
heap
|
page read and write
|
||
|
18000E000
|
direct allocation
|
page readonly
|
||
|
1FF73EF0000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
7FFA0AE62000
|
unkown
|
page readonly
|
||
|
B2F000
|
heap
|
page read and write
|
||
|
7FFA0AE63000
|
unkown
|
page write copy
|
||
|
7F0000
|
remote allocation
|
page read and write
|
||
|
246E000
|
heap
|
page read and write
|
||
|
2233FD91000
|
heap
|
page read and write
|
||
|
24950EA0000
|
heap
|
page read and write
|
||
|
23122660000
|
heap
|
page read and write
|
||
|
2233E1F0000
|
heap
|
page read and write
|
||
|
2233E3B0000
|
heap
|
page read and write
|
||
|
AE7000
|
heap
|
page read and write
|
||
|
23124120000
|
heap
|
page read and write
|
||
|
27E2000
|
heap
|
page read and write
|
||
|
1FF73ED0000
|
unkown
|
page readonly
|
||
|
2233E350000
|
heap
|
page read and write
|
||
|
87157FF000
|
unkown
|
page read and write
|
||
|
2233FDB4000
|
heap
|
page read and write
|
||
|
5E5C51C000
|
stack
|
page read and write
|
||
|
1D86D130000
|
heap
|
page read and write
|
||
|
B17000
|
heap
|
page read and write
|
||
|
20D6AEF0000
|
heap
|
page read and write
|
||
|
20DA3944000
|
heap
|
page read and write
|
||
|
7FFA0AEE5000
|
unkown
|
page readonly
|
||
|
750000
|
heap
|
page read and write
|
||
|
20D6AE60000
|
heap
|
page read and write
|
||
|
1D86CFB0000
|
heap
|
page read and write
|
||
|
23122668000
|
heap
|
page read and write
|
||
|
231241E0000
|
heap
|
page read and write
|
||
|
2664000
|
heap
|
page read and write
|
||
|
23123F0C000
|
heap
|
page read and write
|
||
|
20DA1CA0000
|
heap
|
page read and write
|
||
|
180001000
|
direct allocation
|
page execute read
|
||
|
1FF73F98000
|
heap
|
page read and write
|
||
|
24950D60000
|
heap
|
page read and write
|
||
|
20D6AF35000
|
heap
|
page read and write
|
||
|
249510E5000
|
heap
|
page read and write
|
||
|
7B42BEF000
|
stack
|
page read and write
|
||
|
231224D0000
|
heap
|
page read and write
|
||
|
20DA1DD0000
|
heap
|
page read and write
|
||
|
7B42E7F000
|
stack
|
page read and write
|
||
|
7A2B5AF000
|
stack
|
page read and write
|
||
|
E1997CC000
|
stack
|
page read and write
|
||
|
1FF73F60000
|
heap
|
page read and write
|
||
|
B269AFF000
|
stack
|
page read and write
|
||
|
1D86D0F0000
|
heap
|
page read and write
|
||
|
180001000
|
direct allocation
|
page execute read
|
||
|
23124131000
|
heap
|
page read and write
|
||
|
180001000
|
direct allocation
|
page execute read
|
||
|
1D86D3D9000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
20DA3AA0000
|
heap
|
page read and write
|
||
|
1D86D3D5000
|
heap
|
page read and write
|
||
|
2233E2F0000
|
direct allocation
|
page execute and read and write
|
||
|
2233FD80000
|
heap
|
page read and write
|
||
|
1FF741F0000
|
heap
|
page read and write
|
||
|
7A2B52C000
|
stack
|
page read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
2233FD82000
|
heap
|
page read and write
|
||
|
20D6AF5B000
|
heap
|
page read and write
|
||
|
7B42B6C000
|
stack
|
page read and write
|
||
|
24951050000
|
heap
|
page read and write
|
||
|
27F1000
|
heap
|
page read and write
|
||
|
8EBEF7F000
|
stack
|
page read and write
|
||
|
20DA381F000
|
heap
|
page read and write
|
||
|
20DA1DC0000
|
direct allocation
|
page execute and read and write
|
||
|
20DA3930000
|
heap
|
page read and write
|
||
|
18000E000
|
direct allocation
|
page readonly
|
||
|
18000B000
|
direct allocation
|
page readonly
|
||
|
AE3000
|
heap
|
page read and write
|
||
|
18000B000
|
direct allocation
|
page readonly
|
||
|
B27000
|
heap
|
page read and write
|
||
|
266E000
|
heap
|
page read and write
|
||
|
27CC000
|
stack
|
page read and write
|
||
|
7F0000
|
remote allocation
|
page read and write
|
||
|
24950EA7000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
||
|
1FF73F98000
|
heap
|
page read and write
|
||
|
20DA1DDB000
|
heap
|
page read and write
|
||
|
B269BFE000
|
stack
|
page read and write
|
||
|
20D6AF30000
|
heap
|
page read and write
|
||
|
E45000
|
heap
|
page read and write
|
||
|
1FF73EE0000
|
unkown
|
page read and write
|
||
|
24950FC0000
|
heap
|
page read and write
|
||
|
8EBEE7C000
|
stack
|
page read and write
|
||
|
2233E010000
|
heap
|
page read and write
|
||
|
1FF73EC0000
|
unkown
|
page readonly
|
||
|
249510E0000
|
heap
|
page read and write
|
||
|
2233E150000
|
heap
|
page read and write
|
||
|
24950EAB000
|
heap
|
page read and write
|
||
|
2233E1F7000
|
heap
|
page read and write
|
||
|
7A2B87F000
|
stack
|
page read and write
|
||
|
24950FA0000
|
heap
|
page read and write
|
||
|
2312269C000
|
heap
|
page read and write
|
||
|
1D86CFF0000
|
unkown
|
page readonly
|
||
|
2640000
|
heap
|
page read and write
|
||
|
180000000
|
direct allocation
|
page read and write
|
There are 159 hidden memdumps, click here to show them.