Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\file.exe.log
|
CSV text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
C:\Users\user\Desktop\file.exe
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pekonomia.duckdns.org
|
|
||
|
http://geoplugin.net/json.gp
|
unknown
|
||
|
http://geoplugin.net/json.gp/C
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
pekonomia.duckdns.org
|
192.169.69.26
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.169.69.26
|
pekonomia.duckdns.org
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Rmc-B0VP4N
|
exepath
|
|
|
|
HKEY_CURRENT_USER\Software\Rmc-B0VP4N
|
licence
|
|
|
|
HKEY_CURRENT_USER\Software\Rmc-B0VP4N
|
time
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
13F7000
|
heap
|
page read and write
|
|
|
|
18F9283E000
|
trusted library allocation
|
page read and write
|
|
|
|
18F91E43000
|
trusted library allocation
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
7FF814D62000
|
trusted library allocation
|
page read and write
|
||
|
2A003660000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18FFADB0000
|
trusted library allocation
|
page read and write
|
||
|
74647FD000
|
stack
|
page read and write
|
||
|
18FFAE90000
|
heap
|
page execute and read and write
|
||
|
7FF814D54000
|
trusted library allocation
|
page read and write
|
||
|
18FF8920000
|
unkown
|
page readonly
|
||
|
7FF814EF9000
|
trusted library allocation
|
page read and write
|
||
|
1422000
|
heap
|
page read and write
|
||
|
18FFA5B0000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E34000
|
trusted library allocation
|
page read and write
|
||
|
7FF814D6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
E737B7F000
|
stack
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18FFACB8000
|
heap
|
page read and write
|
||
|
2A002645000
|
heap
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5A0000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
301F000
|
stack
|
page read and write
|
||
|
18FF8B3E000
|
heap
|
page read and write
|
||
|
2F1E000
|
stack
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5A0000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5B0000
|
trusted library allocation
|
page read and write
|
||
|
74633F5000
|
stack
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
1431000
|
heap
|
page read and write
|
||
|
18FF8E50000
|
heap
|
page read and write
|
||
|
18FF8B00000
|
heap
|
page read and write
|
||
|
18FFA5C0000
|
trusted library allocation
|
page read and write
|
||
|
2A0026A9000
|
heap
|
page read and write
|
||
|
7FF814D5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A0026EE000
|
heap
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5D0000
|
trusted library allocation
|
page read and write
|
||
|
1434000
|
heap
|
page read and write
|
||
|
1433000
|
heap
|
page read and write
|
||
|
1439000
|
heap
|
page read and write
|
||
|
18FFA5A0000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5B0000
|
trusted library allocation
|
page read and write
|
||
|
18FF8922000
|
unkown
|
page readonly
|
||
|
18FFADD0000
|
trusted library allocation
|
page read and write
|
||
|
2A003650000
|
trusted library allocation
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
319F000
|
stack
|
page read and write
|
||
|
476000
|
remote allocation
|
page execute and read and write
|
||
|
18F918E9000
|
trusted library allocation
|
page read and write
|
||
|
18FF8C20000
|
heap
|
page read and write
|
||
|
18FFA5B0000
|
trusted library allocation
|
page read and write
|
||
|
E737AF9000
|
stack
|
page read and write
|
||
|
7464FFE000
|
stack
|
page read and write
|
||
|
18FF8B19000
|
heap
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18FF8B90000
|
heap
|
page read and write
|
||
|
18FF8C60000
|
trusted library allocation
|
page read and write
|
||
|
18FF8C75000
|
heap
|
page read and write
|
||
|
142E000
|
heap
|
page read and write
|
||
|
7FF814E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A0026F1000
|
heap
|
page read and write
|
||
|
18FF8C70000
|
heap
|
page read and write
|
||
|
18F90005000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5A0000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5A0000
|
trusted library allocation
|
page read and write
|
||
|
18FF8AE0000
|
heap
|
page read and write
|
||
|
2A0026EF000
|
heap
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
7464BFD000
|
stack
|
page read and write
|
||
|
7FF814E36000
|
trusted library allocation
|
page execute and read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
2A003380000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5A0000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18FFA630000
|
trusted library allocation
|
page read and write
|
||
|
18FFACD0000
|
trusted library allocation
|
page read and write
|
||
|
2A003640000
|
heap
|
page readonly
|
||
|
2A002649000
|
heap
|
page read and write
|
||
|
7465BFF000
|
stack
|
page read and write
|
||
|
12FB000
|
stack
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
2A0026EE000
|
heap
|
page read and write
|
||
|
2A0026E7000
|
heap
|
page read and write
|
||
|
18FF8E60000
|
trusted library section
|
page read and write
|
||
|
18FF8B3B000
|
heap
|
page read and write
|
||
|
18FFADC0000
|
trusted library allocation
|
page read and write
|
||
|
18FFAEA8000
|
heap
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
7FF814DAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
142F000
|
heap
|
page read and write
|
||
|
18FFA5A0000
|
trusted library allocation
|
page read and write
|
||
|
7FF814D64000
|
trusted library allocation
|
page read and write
|
||
|
2A0025A0000
|
heap
|
page read and write
|
||
|
18F91E16000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5A0000
|
trusted library allocation
|
page read and write
|
||
|
18FFACB0000
|
heap
|
page read and write
|
||
|
472000
|
remote allocation
|
page execute and read and write
|
||
|
FFE000
|
stack
|
page read and write
|
||
|
18FFADE0000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5E0000
|
trusted library allocation
|
page read and write
|
||
|
309E000
|
stack
|
page read and write
|
||
|
18FFA5B0000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5C0000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
2A003370000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5A0000
|
trusted library allocation
|
page read and write
|
||
|
18FF8B2F000
|
heap
|
page read and write
|
||
|
74643FF000
|
stack
|
page read and write
|
||
|
18FFA5D0000
|
trusted library allocation
|
page read and write
|
||
|
2A0025B0000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF814D70000
|
trusted library allocation
|
page read and write
|
||
|
74653FE000
|
stack
|
page read and write
|
||
|
2A0033F0000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E30000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18F90003000
|
trusted library allocation
|
page read and write
|
||
|
7FF814D7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
74657FE000
|
stack
|
page read and write
|
||
|
18F90001000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5B0000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5A0000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
2A0036B0000
|
trusted library allocation
|
page read and write
|
||
|
2A002640000
|
heap
|
page read and write
|
||
|
E7376EC000
|
stack
|
page read and write
|
||
|
18FFAE00000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E70000
|
heap
|
page read and write
|
||
|
7463FFF000
|
stack
|
page read and write
|
||
|
18FFA5A0000
|
trusted library allocation
|
page read and write
|
||
|
2A0026A0000
|
heap
|
page read and write
|
||
|
7463BFE000
|
stack
|
page read and write
|
||
|
18FFA5C0000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18FFACB0000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5B0000
|
trusted library allocation
|
page read and write
|
||
|
74637FE000
|
stack
|
page read and write
|
||
|
18FFAEAE000
|
heap
|
page read and write
|
||
|
7FF814EF2000
|
trusted library allocation
|
page read and write
|
||
|
2A002650000
|
heap
|
page read and write
|
||
|
F5D000
|
stack
|
page read and write
|
||
|
31DE000
|
stack
|
page read and write
|
||
|
2A003630000
|
trusted library allocation
|
page read and write
|
||
|
18FF8C00000
|
heap
|
page read and write
|
||
|
18FF89A0000
|
heap
|
page read and write
|
||
|
18FF8B0C000
|
heap
|
page read and write
|
||
|
E737C79000
|
stack
|
page read and write
|
||
|
18FFA5A0000
|
trusted library allocation
|
page read and write
|
||
|
18F91CB2000
|
trusted library allocation
|
page read and write
|
||
|
18FF8B87000
|
heap
|
page read and write
|
||
|
E737CF9000
|
stack
|
page read and write
|
||
|
18F80001000
|
trusted library allocation
|
page read and write
|
||
|
18F91C22000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
13E0000
|
heap
|
page read and write
|
||
|
1432000
|
heap
|
page read and write
|
||
|
18FF8B6B000
|
heap
|
page read and write
|
||
|
18FFA5A0000
|
trusted library allocation
|
page read and write
|
||
|
1431000
|
heap
|
page read and write
|
||
|
18F800E4000
|
trusted library allocation
|
page read and write
|
||
|
142E000
|
heap
|
page read and write
|
||
|
18FF8922000
|
unkown
|
page readonly
|
||
|
18FFACC0000
|
trusted library allocation
|
page read and write
|
||
|
2A002870000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E75000
|
heap
|
page read and write
|
||
|
E737A79000
|
stack
|
page read and write
|
||
|
18F8000A000
|
trusted library allocation
|
page read and write
|
||
|
2A0026F1000
|
heap
|
page read and write
|
||
|
7FF49BCA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13F0000
|
heap
|
page read and write
|
||
|
32DE000
|
stack
|
page read and write
|
||
|
18FF8920000
|
unkown
|
page readonly
|
||
|
18F91C4F000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E20000
|
trusted library allocation
|
page read and write
|
||
|
18FF8B84000
|
heap
|
page read and write
|
||
|
18FFA5A0000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5D0000
|
trusted library allocation
|
page read and write
|
||
|
7FF814E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF814D60000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18FFACC7000
|
heap
|
page read and write
|
||
|
18F91809000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5F0000
|
heap
|
page execute and read and write
|
||
|
18FF8E60000
|
trusted library allocation
|
page read and write
|
||
|
18FF8E40000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
18FFA5E0000
|
trusted library allocation
|
page read and write
|
||
|
18FFACB0000
|
trusted library allocation
|
page read and write
|
||
|
13E5000
|
heap
|
page read and write
|
||
|
2A0033E0000
|
trusted library allocation
|
page read and write
|
||
|
18FFA5E0000
|
trusted library allocation
|
page read and write
|
||
|
18F8008D000
|
trusted library allocation
|
page read and write
|
||
|
15EF000
|
stack
|
page read and write
|
||
|
18F80005000
|
trusted library allocation
|
page read and write
|
||
|
18FF8B41000
|
heap
|
page read and write
|
||
|
142E000
|
heap
|
page read and write
|
||
|
18FFADF0000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
18FFA5C0000
|
trusted library allocation
|
page read and write
|
||
|
2A002610000
|
heap
|
page read and write
|
||
|
7FF814E00000
|
trusted library allocation
|
page read and write
|
There are 200 hidden memdumps, click here to show them.