Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\qtcnnjjg.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Windows\SysWOW64\tsqtjgfo\qtcnnjjg.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
\Device\ConDrv
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
C:\Users\user\Desktop\file.exe
|
|
|
|
C:\Windows\SysWOW64\tsqtjgfo\qtcnnjjg.exe
|
C:\Windows\SysWOW64\tsqtjgfo\qtcnnjjg.exe /d"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\netsh.exe
|
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow
program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul
|
|
|
|
C:\Windows\SysWOW64\svchost.exe
|
svchost.exe
|
|
|
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\tsqtjgfo\
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
"C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\user\AppData\Local\Temp\qtcnnjjg.exe" C:\Windows\SysWOW64\tsqtjgfo\
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\sc.exe
|
C:\Windows\System32\sc.exe" create tsqtjgfo binPath= "C:\Windows\SysWOW64\tsqtjgfo\qtcnnjjg.exe /d\"C:\Users\user\Desktop\file.exe\""
type= own start= auto DisplayName= "wifi support
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\sc.exe
|
C:\Windows\System32\sc.exe" description tsqtjgfo "wifi internet conection
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\sc.exe
|
"C:\Windows\System32\sc.exe" start tsqtjgfo
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
svartalfheim.top:443
|
|
||
|
jotunheim.name:443
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
svartalfheim.top
|
93.189.42.6
|
|
|
|
jotunheim.name
|
80.66.75.254
|
|
|
|
microsoft-com.mail.protection.outlook.com
|
52.101.40.29
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
80.66.75.254
|
jotunheim.name
|
Russian Federation
|
|
|
|
93.189.42.6
|
svartalfheim.top
|
Russian Federation
|
|
|
|
52.101.40.29
|
microsoft-com.mail.protection.outlook.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
C:\Windows\SysWOW64\tsqtjgfo
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tsqtjgfo
|
ImagePath
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2D20000
|
direct allocation
|
page execute and read and write
|
|
|
|
2C40000
|
direct allocation
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
2D40000
|
direct allocation
|
page read and write
|
|
|
|
2DA0000
|
direct allocation
|
page read and write
|
|
|
|
2D40000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
4D0000
|
remote allocation
|
page execute and read and write
|
|
|
|
415000
|
unkown
|
page execute read
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
A27000
|
heap
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
837000
|
trusted library allocation
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
383D000
|
stack
|
page read and write
|
||
|
2DA8000
|
heap
|
page execute and read and write
|
||
|
4DFC000
|
stack
|
page read and write
|
||
|
2E00000
|
heap
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
83D000
|
trusted library allocation
|
page read and write
|
||
|
84B000
|
trusted library allocation
|
page read and write
|
||
|
3199000
|
heap
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
83D000
|
trusted library allocation
|
page read and write
|
||
|
861000
|
trusted library allocation
|
page read and write
|
||
|
49C000
|
stack
|
page read and write
|
||
|
2B91000
|
unkown
|
page readonly
|
||
|
58E000
|
stack
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
5F0000
|
trusted library allocation
|
page read and write
|
||
|
482F000
|
stack
|
page read and write
|
||
|
397E000
|
stack
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
D5C000
|
stack
|
page read and write
|
||
|
53EF000
|
stack
|
page read and write
|
||
|
A7D000
|
stack
|
page read and write
|
||
|
2D90000
|
heap
|
page read and write
|
||
|
51EF000
|
stack
|
page read and write
|
||
|
33FF000
|
stack
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
2B8E000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2D9E000
|
stack
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
50EF000
|
stack
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
2DE0000
|
trusted library allocation
|
page read and write
|
||
|
800000
|
trusted library allocation
|
page read and write
|
||
|
2B91000
|
unkown
|
page readonly
|
||
|
36AF000
|
stack
|
page read and write
|
||
|
2D50000
|
heap
|
page read and write
|
||
|
497E000
|
stack
|
page read and write
|
||
|
2D8C000
|
stack
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
2E1A000
|
heap
|
page read and write
|
||
|
831000
|
trusted library allocation
|
page read and write
|
||
|
486E000
|
stack
|
page read and write
|
||
|
30F0000
|
heap
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page readonly
|
||
|
D80000
|
trusted library allocation
|
page read and write
|
||
|
2E40000
|
heap
|
page read and write
|
||
|
55CC000
|
stack
|
page read and write
|
||
|
414000
|
unkown
|
page execute and read and write
|
||
|
83D000
|
trusted library allocation
|
page read and write
|
||
|
D1D000
|
stack
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
38AE000
|
stack
|
page read and write
|
||
|
2BEE000
|
stack
|
page read and write
|
||
|
415000
|
unkown
|
page execute read
|
||
|
417000
|
unkown
|
page execute read
|
||
|
520000
|
heap
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
49B0000
|
heap
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
9BE000
|
stack
|
page read and write
|
||
|
83D000
|
trusted library allocation
|
page read and write
|
||
|
97F000
|
stack
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
48F0000
|
heap
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
2D9A000
|
heap
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
D7E000
|
stack
|
page read and write
|
||
|
1F0000
|
trusted library allocation
|
page read and write
|
||
|
313E000
|
stack
|
page read and write
|
||
|
C0D000
|
stack
|
page read and write
|
||
|
838000
|
trusted library allocation
|
page read and write
|
||
|
2B8E000
|
unkown
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
37A0000
|
heap
|
page read and write
|
||
|
2B91000
|
unkown
|
page readonly
|
||
|
48AE000
|
stack
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
822000
|
trusted library allocation
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
48C0000
|
heap
|
page read and write
|
||
|
3AFE000
|
stack
|
page read and write
|
||
|
3ABE000
|
stack
|
page read and write
|
||
|
2B91000
|
unkown
|
page readonly
|
||
|
31C9000
|
heap
|
page read and write
|
||
|
419000
|
unkown
|
page write copy
|
||
|
BA0000
|
heap
|
page read and write
|
||
|
48C6000
|
heap
|
page read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
861000
|
trusted library allocation
|
page read and write
|
||
|
848000
|
trusted library allocation
|
page read and write
|
||
|
54CE000
|
stack
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
2E33000
|
heap
|
page read and write
|
||
|
2DEF000
|
stack
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
8F0000
|
heap
|
page read and write
|
||
|
2DB9000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
300F000
|
stack
|
page read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
317F000
|
stack
|
page read and write
|
||
|
D2F000
|
stack
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
56C000
|
stack
|
page read and write
|
||
|
4ED0000
|
trusted library allocation
|
page read and write
|
||
|
812000
|
trusted library allocation
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page execute read
|
||
|
602000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
2C5F000
|
stack
|
page read and write
|
||
|
836000
|
trusted library allocation
|
page read and write
|
||
|
901000
|
trusted library allocation
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
429000
|
unkown
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
84B000
|
trusted library allocation
|
page read and write
|
||
|
419000
|
unkown
|
page write copy
|
||
|
52D000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
2CBE000
|
stack
|
page read and write
|
||
|
9D000
|
stack
|
page read and write
|
||
|
2E23000
|
heap
|
page read and write
|
||
|
2DD7000
|
heap
|
page read and write
|
||
|
CEE000
|
stack
|
page read and write
|
||
|
93E000
|
stack
|
page read and write
|
||
|
45C000
|
stack
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
419000
|
unkown
|
page write copy
|
||
|
D30000
|
heap
|
page read and write
|
||
|
3BFF000
|
stack
|
page read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
417000
|
unkown
|
page execute read
|
||
|
30000
|
heap
|
page read and write
|
||
|
5D0000
|
trusted library allocation
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
4FEF000
|
stack
|
page read and write
|
||
|
834000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
84D000
|
trusted library allocation
|
page read and write
|
||
|
419000
|
unkown
|
page write copy
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
9D000
|
stack
|
page read and write
|
||
|
39BE000
|
stack
|
page read and write
|
||
|
417000
|
unkown
|
page execute read
|
||
|
530000
|
heap
|
page read and write
|
||
|
2E23000
|
heap
|
page execute and read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
429000
|
unkown
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
863000
|
trusted library allocation
|
page read and write
|
||
|
387E000
|
stack
|
page read and write
|
||
|
52EF000
|
stack
|
page read and write
|
||
|
330F000
|
stack
|
page read and write
|
||
|
C4C000
|
stack
|
page read and write
|
||
|
493E000
|
stack
|
page read and write
|
||
|
83D000
|
trusted library allocation
|
page read and write
|
There are 194 hidden memdumps, click here to show them.