Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
POv5Nk1dlu.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runas.url
|
Generic INItialization configuration [InternetShortcut]
|
modified
|
|
|
|
C:\Users\user\RDVGHelper\at.exe
|
PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
|
dropped
|
|
|
|
C:\Users\user\RDVGHelper\runas.vbs
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\POv5Nk1dlu.exe
|
C:\Users\user\Desktop\POv5Nk1dlu.exe
|
|
|
|
C:\Windows\System32\wscript.exe
|
"C:\Windows\System32\WScript.exe" "C:\Users\user\RDVGHelper\runas.vbs"
|
|
|
|
C:\Users\user\RDVGHelper\at.exe
|
"C:\Users\user\RDVGHelper\at.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org
|
unknown
|
||
|
http://checkip.dyndns.orgmTimed
|
unknown
|
||
|
http://bot.whatismyipaddress.com
|
unknown
|
||
|
http://bot.whatismyipaddress.com6
|
unknown
|
||
|
http://www.myexternalip.com/raw
|
unknown
|
||
|
http://checkip.dyndns.orgmTime
|
unknown
|
||
|
http://www.myexternalip.com/raw/
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
|
SlowContextMenuEntries
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1094000
|
unkown
|
page write copy
|
||
|
3598000
|
trusted library allocation
|
page read and write
|
||
|
11CF000
|
stack
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
9E0000
|
unkown
|
page execute and write copy
|
||
|
3444000
|
trusted library allocation
|
page read and write
|
||
|
1928C107000
|
heap
|
page read and write
|
||
|
E1F000
|
heap
|
page read and write
|
||
|
1928C1A8000
|
heap
|
page read and write
|
||
|
8E0000
|
trusted library allocation
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
3380000
|
trusted library allocation
|
page read and write
|
||
|
3D41000
|
trusted library allocation
|
page read and write
|
||
|
1607000
|
heap
|
page read and write
|
||
|
1928C1B8000
|
heap
|
page read and write
|
||
|
D42000
|
heap
|
page read and write
|
||
|
33343FE000
|
stack
|
page read and write
|
||
|
BED000
|
stack
|
page read and write
|
||
|
34A1000
|
trusted library allocation
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
A05000
|
unkown
|
page execute and write copy
|
||
|
C50000
|
heap
|
page read and write
|
||
|
1779000
|
heap
|
page read and write
|
||
|
158E000
|
heap
|
page read and write
|
||
|
A55000
|
unkown
|
page execute and write copy
|
||
|
A05000
|
unkown
|
page execute and write copy
|
||
|
7FC000
|
stack
|
page read and write
|
||
|
3452000
|
trusted library allocation
|
page read and write
|
||
|
1928C13D000
|
heap
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
1621000
|
heap
|
page read and write
|
||
|
1928BF60000
|
heap
|
page read and write
|
||
|
7D9000
|
stack
|
page read and write
|
||
|
3333CFE000
|
stack
|
page read and write
|
||
|
17B4000
|
heap
|
page read and write
|
||
|
1928C1A8000
|
heap
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
105C000
|
unkown
|
page write copy
|
||
|
A94000
|
unkown
|
page write copy
|
||
|
1005000
|
unkown
|
page execute and write copy
|
||
|
D4D000
|
heap
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
3CEE000
|
trusted library allocation
|
page read and write
|
||
|
DEF000
|
heap
|
page read and write
|
||
|
34A9000
|
trusted library allocation
|
page read and write
|
||
|
1300000
|
heap
|
page read and write
|
||
|
3E9E000
|
trusted library allocation
|
page read and write
|
||
|
3435000
|
trusted library allocation
|
page read and write
|
||
|
A6B000
|
unkown
|
page write copy
|
||
|
B58000
|
heap
|
page read and write
|
||
|
1928C119000
|
heap
|
page read and write
|
||
|
344A000
|
trusted library allocation
|
page read and write
|
||
|
FDF000
|
unkown
|
page execute and read and write
|
||
|
33340F6000
|
stack
|
page read and write
|
||
|
3E47000
|
trusted library allocation
|
page read and write
|
||
|
3C27000
|
trusted library allocation
|
page read and write
|
||
|
A5C000
|
unkown
|
page write copy
|
||
|
1928DE57000
|
heap
|
page read and write
|
||
|
3602000
|
trusted library allocation
|
page read and write
|
||
|
35E7000
|
trusted library allocation
|
page read and write
|
||
|
1928C109000
|
heap
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
15EB000
|
heap
|
page read and write
|
||
|
1928DE50000
|
heap
|
page read and write
|
||
|
A5C000
|
unkown
|
page write copy
|
||
|
D0A000
|
heap
|
page read and write
|
||
|
338F000
|
trusted library allocation
|
page read and write
|
||
|
1928C1BD000
|
heap
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
3E42000
|
trusted library allocation
|
page read and write
|
||
|
35AB000
|
trusted library allocation
|
page read and write
|
||
|
1847000
|
heap
|
page read and write
|
||
|
3E8B000
|
trusted library allocation
|
page read and write
|
||
|
1928C169000
|
heap
|
page read and write
|
||
|
1928C12B000
|
heap
|
page read and write
|
||
|
1013000
|
unkown
|
page execute and write copy
|
||
|
1928C109000
|
heap
|
page read and write
|
||
|
1304000
|
heap
|
page read and write
|
||
|
35A6000
|
trusted library allocation
|
page read and write
|
||
|
1928C130000
|
heap
|
page read and write
|
||
|
3CE9000
|
trusted library allocation
|
page read and write
|
||
|
11FC000
|
stack
|
page read and write
|
||
|
359D000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
7CE000
|
stack
|
page read and write
|
||
|
1928C0A0000
|
heap
|
page read and write
|
||
|
3387000
|
trusted library allocation
|
page read and write
|
||
|
A55000
|
unkown
|
page execute and write copy
|
||
|
950000
|
unkown
|
page readonly
|
||
|
34E3000
|
trusted library allocation
|
page read and write
|
||
|
1005000
|
unkown
|
page execute and write copy
|
||
|
1340000
|
heap
|
page read and write
|
||
|
1928C118000
|
heap
|
page read and write
|
||
|
1055000
|
unkown
|
page execute and write copy
|
||
|
B50000
|
heap
|
page read and write
|
||
|
1928C240000
|
heap
|
page read and write
|
||
|
1808000
|
heap
|
page read and write
|
||
|
1928C132000
|
heap
|
page read and write
|
||
|
87E000
|
stack
|
page read and write
|
||
|
349A000
|
trusted library allocation
|
page read and write
|
||
|
3CE5000
|
trusted library allocation
|
page read and write
|
||
|
3D2B000
|
trusted library allocation
|
page read and write
|
||
|
344D000
|
trusted library allocation
|
page read and write
|
||
|
1928C1BF000
|
heap
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
B83000
|
heap
|
page read and write
|
||
|
16BC000
|
heap
|
page read and write
|
||
|
1796000
|
heap
|
page read and write
|
||
|
1928C2AB000
|
heap
|
page read and write
|
||
|
3CEE000
|
trusted library allocation
|
page read and write
|
||
|
910000
|
heap
|
page read and write
|
||
|
1928C0E8000
|
heap
|
page read and write
|
||
|
35FD000
|
trusted library allocation
|
page read and write
|
||
|
3CE0000
|
trusted library allocation
|
page read and write
|
||
|
33347FD000
|
stack
|
page read and write
|
||
|
1055000
|
unkown
|
page execute and write copy
|
||
|
B00000
|
heap
|
page read and write
|
||
|
BAE000
|
stack
|
page read and write
|
||
|
3CE9000
|
trusted library allocation
|
page read and write
|
||
|
1091000
|
unkown
|
page read and write
|
||
|
900000
|
trusted library allocation
|
page read and write
|
||
|
1928C0C0000
|
heap
|
page read and write
|
||
|
1928C2A5000
|
heap
|
page read and write
|
||
|
348B000
|
trusted library allocation
|
page read and write
|
||
|
F51000
|
unkown
|
page execute and write copy
|
||
|
106B000
|
unkown
|
page write copy
|
||
|
3E4A000
|
trusted library allocation
|
page read and write
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
3E3C000
|
trusted library allocation
|
page read and write
|
||
|
B05000
|
heap
|
page read and write
|
||
|
9DF000
|
unkown
|
page execute and read and write
|
||
|
3D45000
|
trusted library allocation
|
page read and write
|
||
|
C16000
|
heap
|
page read and write
|
||
|
A6B000
|
unkown
|
page write copy
|
||
|
C17000
|
heap
|
page read and write
|
||
|
A91000
|
unkown
|
page read and write
|
||
|
3443000
|
trusted library allocation
|
page read and write
|
||
|
3E39000
|
trusted library allocation
|
page read and write
|
||
|
D69000
|
heap
|
page read and write
|
||
|
1928C1B6000
|
heap
|
page read and write
|
||
|
33341FD000
|
stack
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
BB4000
|
heap
|
page read and write
|
||
|
F50000
|
unkown
|
page readonly
|
||
|
3D84000
|
trusted library allocation
|
page read and write
|
||
|
1928C129000
|
heap
|
page read and write
|
||
|
3CEA000
|
trusted library allocation
|
page read and write
|
||
|
C31000
|
heap
|
page read and write
|
||
|
1548000
|
heap
|
page read and write
|
||
|
1608000
|
heap
|
page read and write
|
||
|
A0F000
|
unkown
|
page execute and write copy
|
||
|
3333BFD000
|
stack
|
page read and write
|
||
|
213E000
|
stack
|
page read and write
|
||
|
951000
|
unkown
|
page execute and write copy
|
||
|
33342FE000
|
stack
|
page read and write
|
||
|
3C2B000
|
trusted library allocation
|
page read and write
|
||
|
1928C1B7000
|
heap
|
page read and write
|
||
|
1928C13D000
|
heap
|
page read and write
|
||
|
13C5000
|
heap
|
page read and write
|
||
|
A0F000
|
unkown
|
page execute and read and write
|
||
|
149E000
|
stack
|
page read and write
|
||
|
6160000
|
trusted library allocation
|
page read and write
|
||
|
3E88000
|
trusted library allocation
|
page read and write
|
||
|
33346FF000
|
stack
|
page read and write
|
||
|
106B000
|
unkown
|
page write copy
|
||
|
1640000
|
heap
|
page read and write
|
||
|
3D2F000
|
trusted library allocation
|
page read and write
|
||
|
33348FB000
|
stack
|
page read and write
|
||
|
A70000
|
trusted library allocation
|
page read and write
|
||
|
1928C1B9000
|
heap
|
page read and write
|
||
|
34E8000
|
trusted library allocation
|
page read and write
|
||
|
1928C113000
|
heap
|
page read and write
|
||
|
A13000
|
unkown
|
page execute and write copy
|
||
|
3D87000
|
trusted library allocation
|
page read and write
|
||
|
35A1000
|
trusted library allocation
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
35A6000
|
trusted library allocation
|
page read and write
|
||
|
185F000
|
heap
|
page read and write
|
||
|
33344FB000
|
stack
|
page read and write
|
||
|
3445000
|
trusted library allocation
|
page read and write
|
||
|
F51000
|
unkown
|
page execute and write copy
|
||
|
1D3F000
|
stack
|
page read and write
|
||
|
CE8000
|
heap
|
page read and write
|
||
|
ADA000
|
stack
|
page read and write
|
||
|
105C000
|
unkown
|
page write copy
|
||
|
30000
|
trusted library allocation
|
page read and write
|
||
|
11AF000
|
stack
|
page read and write
|
||
|
1750000
|
heap
|
page read and write
|
||
|
1928C12C000
|
heap
|
page read and write
|
||
|
1928C113000
|
heap
|
page read and write
|
||
|
3E45000
|
trusted library allocation
|
page read and write
|
||
|
F50000
|
unkown
|
page readonly
|
||
|
BBF000
|
heap
|
page read and write
|
||
|
950000
|
unkown
|
page readonly
|
||
|
1928C0E0000
|
heap
|
page read and write
|
||
|
1928C169000
|
heap
|
page read and write
|
||
|
11BE000
|
stack
|
page read and write
|
||
|
1928C12A000
|
heap
|
page read and write
|
||
|
11D9000
|
stack
|
page read and write
|
||
|
1928C113000
|
heap
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
1928C2A0000
|
heap
|
page read and write
|
||
|
3D45000
|
trusted library allocation
|
page read and write
|
||
|
8F4000
|
heap
|
page read and write
|
||
|
B09000
|
heap
|
page read and write
|
||
|
C16000
|
heap
|
page read and write
|
||
|
1607000
|
heap
|
page read and write
|
||
|
3D2F000
|
trusted library allocation
|
page read and write
|
||
|
13C9000
|
heap
|
page read and write
|
||
|
3CDC000
|
trusted library allocation
|
page read and write
|
||
|
CB2000
|
heap
|
page read and write
|
||
|
B9E000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
951000
|
unkown
|
page execute and write copy
|
||
|
1819000
|
heap
|
page read and write
|
||
|
100F000
|
unkown
|
page execute and read and write
|
||
|
3333AF9000
|
stack
|
page read and write
|
||
|
13D0000
|
trusted library allocation
|
page read and write
|
||
|
3484000
|
trusted library allocation
|
page read and write
|
||
|
1575000
|
heap
|
page read and write
|
||
|
1573000
|
heap
|
page read and write
|
||
|
3333FFF000
|
stack
|
page read and write
|
||
|
920000
|
trusted library allocation
|
page read and write
|
||
|
35EC000
|
trusted library allocation
|
page read and write
|
||
|
3333EFF000
|
stack
|
page read and write
|
||
|
343C000
|
trusted library allocation
|
page read and write
|
||
|
1928C105000
|
heap
|
page read and write
|
||
|
100F000
|
unkown
|
page execute and write copy
|
||
|
343E000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
unkown
|
page execute and write copy
|
||
|
DAD000
|
heap
|
page read and write
|
||
|
3493000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
19290AC0000
|
heap
|
page read and write
|
||
|
6A00000
|
trusted library allocation
|
page read and write
|
||
|
1704000
|
heap
|
page read and write
|
||
|
189E000
|
stack
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
3EA1000
|
trusted library allocation
|
page read and write
|
||
|
3C2B000
|
trusted library allocation
|
page read and write
|
There are 231 hidden memdumps, click here to show them.