Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\f_00321b.dll",#1
|
 |
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s C:\Users\user\Desktop\f_00321b.dll
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\f_00321b.dll",#1
|
|
|
|
C:\Windows\System32\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\f_00321b.dll,DllRegisterServer
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\TMlQeVZkdztztmVcv\UUQGnKwW.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\CcdErbXwwqK\BMwTvRDPNYt.dll"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\PmXMgnVtL\uQQuLasS.dll"
|
|
|
|
C:\Windows\System32\loaddll64.exe
|
loaddll64.exe "C:\Users\user\Desktop\f_00321b.dll"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://164.90.222.65/wlqjqf/sqfqe/frrdsoxthmytiqq/rzfarh/
|
164.90.222.65
|
|
|
|
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
|
unknown
|
||
|
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
|
unknown
|
||
|
http://www.diginotar.nl/cps/pkioverheid0
|
unknown
|
||
|
https://45.235.8.30:8080/wlqjqf/sqfqe/frrdsoxthmytiqq/rzfarh//A
|
unknown
|
||
|
http://crl.entrust.net/server1.crl0
|
unknown
|
||
|
https://45.235.8.30:8080/wlqjqf/sqfqe/frrdsoxthmytiqq/rzfarh/
|
unknown
|
||
|
http://ocsp.entrust.net0D
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
https://secure.comodo.com/CPS0
|
unknown
|
||
|
https://163.44.196.120:8080/wlqjqf/sqfqe/frrdsoxthmytiqq/rzfarh/$
|
unknown
|
||
|
http://crl.entrust.net/2048ca.crl0
|
unknown
|
There are 2 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
159.65.88.10
|
unknown
|
United States
|
|
|
|
172.105.226.75
|
unknown
|
United States
|
|
|
|
164.90.222.65
|
unknown
|
United States
|
|
|
|
110.232.117.186
|
unknown
|
Australia
|
|
|
|
213.239.212.5
|
unknown
|
Germany
|
|
|
|
5.135.159.50
|
unknown
|
France
|
|
|
|
186.194.240.217
|
unknown
|
Brazil
|
|
|
|
103.132.242.26
|
unknown
|
India
|
|
|
|
104.168.155.143
|
unknown
|
United States
|
|
|
|
119.59.103.152
|
unknown
|
Thailand
|
|
|
|
79.137.35.198
|
unknown
|
France
|
|
|
|
159.89.202.34
|
unknown
|
United States
|
|
|
|
91.121.146.47
|
unknown
|
France
|
|
|
|
160.16.142.56
|
unknown
|
Japan
|
|
|
|
201.94.166.162
|
unknown
|
Brazil
|
|
|
|
91.207.28.33
|
unknown
|
Kyrgyzstan
|
|
|
|
103.75.201.2
|
unknown
|
Thailand
|
|
|
|
103.43.75.120
|
unknown
|
Japan
|
|
|
|
115.68.227.76
|
unknown
|
Korea Republic of
|
|
|
|
188.44.20.25
|
unknown
|
Macedonia
|
|
|
|
45.235.8.30
|
unknown
|
Brazil
|
|
|
|
153.126.146.25
|
unknown
|
Japan
|
|
|
|
72.15.201.15
|
unknown
|
United States
|
|
|
|
163.44.196.120
|
unknown
|
Singapore
|
|
|
|
206.189.28.199
|
unknown
|
United States
|
|
|
|
107.170.39.149
|
unknown
|
United States
|
|
|
|
66.228.32.31
|
unknown
|
United States
|
|
|
|
187.63.160.88
|
unknown
|
Brazil
|
|
|
|
82.223.21.224
|
unknown
|
Spain
|
|
|
|
197.242.150.244
|
unknown
|
South Africa
|
|
|
|
173.212.193.249
|
unknown
|
Germany
|
|
|
|
185.4.135.165
|
unknown
|
Greece
|
|
|
|
183.111.227.137
|
unknown
|
Korea Republic of
|
|
|
|
45.176.232.124
|
unknown
|
Colombia
|
|
|
|
95.217.221.146
|
unknown
|
Germany
|
|
|
|
149.56.131.28
|
unknown
|
Canada
|
|
|
|
169.57.156.166
|
unknown
|
United States
|
|
|
|
164.68.99.3
|
unknown
|
Germany
|
|
|
|
182.162.143.56
|
unknown
|
Korea Republic of
|
|
|
|
139.59.126.41
|
unknown
|
Singapore
|
|
|
|
1.234.2.232
|
unknown
|
Korea Republic of
|
|
|
|
167.172.253.162
|
unknown
|
United States
|
|
|
|
129.232.188.93
|
unknown
|
South Africa
|
|
|
|
167.172.199.165
|
unknown
|
United States
|
|
|
|
202.129.205.3
|
unknown
|
Thailand
|
|
|
|
147.139.166.154
|
unknown
|
United States
|
|
|
|
153.92.5.27
|
unknown
|
Germany
|
|
|
|
94.23.45.86
|
unknown
|
France
|
|
There are 38 hidden IPs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8
|
Blob
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C
|
Blob
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1E1000
|
direct allocation
|
page execute read
|
|
|
|
1B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
150000
|
direct allocation
|
page execute and read and write
|
|
|
|
1E1000
|
direct allocation
|
page execute read
|
|
|
|
1F1000
|
direct allocation
|
page execute read
|
|
|
|
34A000
|
heap
|
page read and write
|
|
|
|
181000
|
direct allocation
|
page execute read
|
|
|
|
1B0000
|
direct allocation
|
page execute and read and write
|
|
|
|
5D0000
|
heap
|
page read and write
|
||
|
1D3000
|
heap
|
page read and write
|
||
|
426000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
506000
|
heap
|
page read and write
|
||
|
180021000
|
unkown
|
page read and write
|
||
|
267000
|
heap
|
page read and write
|
||
|
220000
|
trusted library allocation
|
page read and write
|
||
|
2B80000
|
trusted library allocation
|
page read and write
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
heap
|
page read and write
|
||
|
264000
|
heap
|
page read and write
|
||
|
616000
|
heap
|
page read and write
|
||
|
3B6000
|
heap
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
38D000
|
heap
|
page read and write
|
||
|
1A0000
|
direct allocation
|
page execute and read and write
|
||
|
2F7000
|
heap
|
page read and write
|
||
|
20A000
|
direct allocation
|
page readonly
|
||
|
544000
|
heap
|
page read and write
|
||
|
3DF5000
|
heap
|
page read and write
|
||
|
21C000
|
direct allocation
|
page readonly
|
||
|
180000
|
heap
|
page read and write
|
||
|
20F0000
|
heap
|
page read and write
|
||
|
245000
|
heap
|
page read and write
|
||
|
3AB000
|
heap
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
180023000
|
unkown
|
page readonly
|
||
|
2B60000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
39A000
|
heap
|
page read and write
|
||
|
235B000
|
heap
|
page read and write
|
||
|
2EE000
|
heap
|
page read and write
|
||
|
39B000
|
heap
|
page read and write
|
||
|
24E9000
|
stack
|
page read and write
|
||
|
3D0000
|
heap
|
page read and write
|
||
|
384000
|
heap
|
page read and write
|
||
|
180021000
|
unkown
|
page read and write
|
||
|
205000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
231B000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
164000
|
heap
|
page read and write
|
||
|
240000
|
trusted library allocation
|
page read and write
|
||
|
20C000
|
direct allocation
|
page readonly
|
||
|
21A000
|
heap
|
page read and write
|
||
|
2CAC000
|
heap
|
page read and write
|
||
|
2E2F000
|
stack
|
page read and write
|
||
|
180023000
|
unkown
|
page readonly
|
||
|
20E5000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
220F000
|
stack
|
page read and write
|
||
|
29E000
|
heap
|
page read and write
|
||
|
240000
|
remote allocation
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
2C9F000
|
heap
|
page read and write
|
||
|
2CA8000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
20B0000
|
heap
|
page read and write
|
||
|
323000
|
heap
|
page read and write
|
||
|
2C80000
|
heap
|
page read and write
|
||
|
22E000
|
heap
|
page read and write
|
||
|
38D000
|
heap
|
page read and write
|
||
|
3F70000
|
heap
|
page read and write
|
||
|
180023000
|
unkown
|
page readonly
|
||
|
27D000
|
heap
|
page read and write
|
||
|
2E2E000
|
stack
|
page read and write
|
||
|
241D000
|
stack
|
page read and write
|
||
|
A4000
|
heap
|
page read and write
|
||
|
257000
|
heap
|
page read and write
|
||
|
16C000
|
stack
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
2CD000
|
stack
|
page read and write
|
||
|
187000
|
heap
|
page read and write
|
||
|
2180000
|
heap
|
page read and write
|
||
|
11C000
|
stack
|
page read and write
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
27E000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
139000
|
stack
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
3DF0000
|
heap
|
page read and write
|
||
|
245000
|
heap
|
page read and write
|
||
|
24E000
|
heap
|
page read and write
|
||
|
325000
|
heap
|
page read and write
|
||
|
27E000
|
heap
|
page read and write
|
||
|
235000
|
heap
|
page read and write
|
||
|
30F000
|
heap
|
page read and write
|
||
|
496000
|
heap
|
page read and write
|
||
|
2E30000
|
heap
|
page read and write
|
||
|
450000
|
heap
|
page read and write
|
||
|
1F8000
|
heap
|
page read and write
|
||
|
654000
|
heap
|
page read and write
|
||
|
1F90000
|
heap
|
page read and write
|
||
|
275000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
500000
|
heap
|
page read and write
|
||
|
20C000
|
direct allocation
|
page readonly
|
||
|
242000
|
heap
|
page read and write
|
||
|
20E0000
|
heap
|
page read and write
|
||
|
20B000
|
direct allocation
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
2F6000
|
heap
|
page read and write
|
||
|
343000
|
heap
|
page read and write
|
||
|
23AC000
|
stack
|
page read and write
|
||
|
205000
|
heap
|
page read and write
|
||
|
211B000
|
heap
|
page read and write
|
||
|
20EB000
|
heap
|
page read and write
|
||
|
1EA000
|
heap
|
page read and write
|
||
|
1FE000
|
heap
|
page read and write
|
||
|
455000
|
heap
|
page read and write
|
||
|
210000
|
heap
|
page read and write
|
||
|
1BD000
|
stack
|
page read and write
|
||
|
20B5000
|
heap
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
1C7000
|
heap
|
page read and write
|
||
|
38D000
|
heap
|
page read and write
|
||
|
406000
|
heap
|
page read and write
|
||
|
245000
|
heap
|
page read and write
|
||
|
3AB000
|
heap
|
page read and write
|
||
|
234000
|
heap
|
page read and write
|
||
|
1BE000
|
heap
|
page read and write
|
||
|
180021000
|
unkown
|
page read and write
|
||
|
30E000
|
heap
|
page read and write
|
||
|
1DA000
|
heap
|
page read and write
|
||
|
1A0000
|
direct allocation
|
page execute and read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
1B0000
|
direct allocation
|
page execute and read and write
|
||
|
2B3E000
|
stack
|
page read and write
|
||
|
22E5000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
290000
|
heap
|
page read and write
|
||
|
134000
|
heap
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
1EE000
|
heap
|
page read and write
|
||
|
3AB000
|
heap
|
page read and write
|
||
|
379000
|
heap
|
page read and write
|
||
|
226B000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
1AC000
|
direct allocation
|
page readonly
|
||
|
10000
|
heap
|
page read and write
|
||
|
389000
|
heap
|
page read and write
|
||
|
2CB0000
|
heap
|
page read and write
|
||
|
3F75000
|
heap
|
page read and write
|
||
|
39D000
|
heap
|
page read and write
|
||
|
1E0000
|
direct allocation
|
page read and write
|
||
|
385000
|
heap
|
page read and write
|
||
|
28DD000
|
stack
|
page read and write
|
||
|
290000
|
heap
|
page read and write
|
||
|
2179000
|
stack
|
page read and write
|
||
|
380000
|
heap
|
page read and write
|
||
|
213000
|
heap
|
page read and write
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
242F000
|
stack
|
page read and write
|
||
|
23E000
|
heap
|
page read and write
|
||
|
274000
|
heap
|
page read and write
|
||
|
180016000
|
unkown
|
page readonly
|
||
|
10000
|
heap
|
page read and write
|
||
|
280000
|
heap
|
page read and write
|
||
|
3F79000
|
heap
|
page read and write
|
||
|
32E000
|
heap
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
2B80000
|
trusted library allocation
|
page read and write
|
||
|
1E0000
|
direct allocation
|
page read and write
|
||
|
129000
|
stack
|
page read and write
|
||
|
2FB000
|
heap
|
page read and write
|
||
|
2D7000
|
heap
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
284000
|
heap
|
page read and write
|
||
|
245000
|
heap
|
page read and write
|
||
|
2A1000
|
heap
|
page read and write
|
||
|
23C000
|
stack
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
210000
|
trusted library allocation
|
page read and write
|
||
|
1AB000
|
direct allocation
|
page read and write
|
||
|
243B000
|
stack
|
page read and write
|
||
|
1AA000
|
direct allocation
|
page readonly
|
||
|
322000
|
heap
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
260000
|
heap
|
page read and write
|
||
|
3F0000
|
heap
|
page read and write
|
||
|
2D0000
|
heap
|
page read and write
|
||
|
180016000
|
unkown
|
page readonly
|
||
|
396000
|
heap
|
page read and write
|
||
|
39A000
|
heap
|
page read and write
|
||
|
22E000
|
heap
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
||
|
21B000
|
direct allocation
|
page read and write
|
||
|
218C000
|
stack
|
page read and write
|
||
|
2EBF000
|
stack
|
page read and write
|
||
|
20B000
|
direct allocation
|
page read and write
|
||
|
20A000
|
direct allocation
|
page readonly
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
326000
|
heap
|
page read and write
|
||
|
240000
|
remote allocation
|
page read and write
|
||
|
180016000
|
unkown
|
page readonly
|
||
|
251E000
|
stack
|
page read and write
|
||
|
32A000
|
heap
|
page read and write
|
||
|
2235000
|
heap
|
page read and write
|
||
|
2EDE000
|
stack
|
page read and write
|
||
|
2479000
|
stack
|
page read and write
|
||
|
2C9D000
|
heap
|
page read and write
|
||
|
2B7E000
|
stack
|
page read and write
|
||
|
2320000
|
heap
|
page read and write
|
||
|
389000
|
heap
|
page read and write
|
||
|
140000
|
direct allocation
|
page execute and read and write
|
||
|
1F0000
|
direct allocation
|
page read and write
|
||
|
2C00000
|
heap
|
page read and write
|
||
|
2B80000
|
trusted library allocation
|
page read and write
|
||
|
2BF0000
|
trusted library allocation
|
page read and write
|
||
|
210000
|
trusted library allocation
|
page read and write
|
||
|
494E000
|
stack
|
page read and write
|
||
|
22DF000
|
stack
|
page read and write
|
||
|
2F0000
|
heap
|
page read and write
|
||
|
2F8F000
|
stack
|
page read and write
|
||
|
2325000
|
heap
|
page read and write
|
||
|
180000000
|
unkown
|
page readonly
|
||
|
650000
|
heap
|
page read and write
|
||
|
245000
|
heap
|
page read and write
|
||
|
400000
|
trusted library allocation
|
page execute and read and write
|
||
|
3DF9000
|
heap
|
page read and write
|
||
|
360000
|
heap
|
page read and write
|
||
|
217000
|
heap
|
page read and write
|
||
|
2D0E000
|
stack
|
page read and write
|
||
|
426000
|
heap
|
page read and write
|
||
|
23E000
|
heap
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
223F000
|
stack
|
page read and write
|
||
|
180023000
|
unkown
|
page readonly
|
||
|
1AC000
|
stack
|
page read and write
|
||
|
202000
|
heap
|
page read and write
|
||
|
180021000
|
unkown
|
page read and write
|
||
|
180000
|
direct allocation
|
page read and write
|
||
|
10000
|
heap
|
page read and write
|
||
|
1FCB000
|
heap
|
page read and write
|
||
|
238000
|
heap
|
page read and write
|
||
|
228C000
|
stack
|
page read and write
|
||
|
2DDF000
|
stack
|
page read and write
|
||
|
2BE000
|
heap
|
page read and write
|
||
|
1B0000
|
trusted library allocation
|
page read and write
|
||
|
180016000
|
unkown
|
page readonly
|
||
|
287000
|
heap
|
page read and write
|
||
|
2C0000
|
heap
|
page read and write
|
||
|
250000
|
heap
|
page read and write
|
||
|
180001000
|
unkown
|
page execute read
|
||
|
260000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
23E000
|
heap
|
page read and write
|
||
|
21A000
|
direct allocation
|
page readonly
|
||
|
564000
|
heap
|
page read and write
|
||
|
160000
|
heap
|
page read and write
|
||
|
22AE000
|
stack
|
page read and write
|
||
|
2D20000
|
trusted library allocation
|
page read and write
|
||
|
1F95000
|
heap
|
page read and write
|
||
|
22A000
|
heap
|
page read and write
|
||
|
A0000
|
heap
|
page read and write
|
||
|
2B40000
|
trusted library allocation
|
page read and write
|
||
|
22BF000
|
stack
|
page read and write
|
There are 266 hidden memdumps, click here to show them.