Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
HAhJORNtiOFCEGH.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\HAhJORNtiOFCEGH.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\HAhJORNtiOFCEGH.exe
|
"C:\Users\user\Desktop\HAhJORNtiOFCEGH.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://r3.o.lencr.org0
|
unknown
|
||
|
http://mail.pu.edu.af
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://x1.c.lencr.org/0
|
unknown
|
||
|
http://x1.i.lencr.org/0
|
unknown
|
||
|
http://r3.i.lencr.org/03
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.pu.edu.af
|
103.132.98.224
|
|
|
|
bg.microsoft.map.fastly.net
|
199.232.210.172
|
||
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
103.132.98.224
|
mail.pu.edu.af
|
Afghanistan
|
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2EB1000
|
trusted library allocation
|
page read and write
|
|
|
|
41EE000
|
trusted library allocation
|
page read and write
|
|
|
|
26CE000
|
trusted library allocation
|
page read and write
|
|
|
|
26F9000
|
trusted library allocation
|
page read and write
|
|
|
|
4B12000
|
trusted library allocation
|
page read and write
|
|
|
|
311E000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2681000
|
trusted library allocation
|
page read and write
|
|
|
|
5990000
|
trusted library section
|
page read and write
|
|
|
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
54E3000
|
heap
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
584E000
|
stack
|
page read and write
|
||
|
772F000
|
stack
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
1185000
|
heap
|
page read and write
|
||
|
90EE000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
8DEE000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
2D50000
|
trusted library allocation
|
page read and write
|
||
|
4688000
|
trusted library allocation
|
page read and write
|
||
|
D70000
|
heap
|
page read and write
|
||
|
1082000
|
heap
|
page read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
1532000
|
trusted library allocation
|
page read and write
|
||
|
4CDC000
|
stack
|
page read and write
|
||
|
DA4000
|
trusted library allocation
|
page read and write
|
||
|
5B1C000
|
trusted library allocation
|
page read and write
|
||
|
5868000
|
heap
|
page read and write
|
||
|
CAA000
|
stack
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
574E000
|
stack
|
page read and write
|
||
|
4C60000
|
trusted library allocation
|
page read and write
|
||
|
B70000
|
unkown
|
page readonly
|
||
|
5B36000
|
trusted library allocation
|
page read and write
|
||
|
A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
3EB1000
|
trusted library allocation
|
page read and write
|
||
|
4C7A000
|
trusted library allocation
|
page read and write
|
||
|
950000
|
trusted library allocation
|
page read and write
|
||
|
1010000
|
heap
|
page read and write
|
||
|
A09000
|
heap
|
page read and write
|
||
|
51EE000
|
stack
|
page read and write
|
||
|
4C66000
|
trusted library allocation
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
1075000
|
heap
|
page read and write
|
||
|
5C80000
|
trusted library allocation
|
page read and write
|
||
|
956000
|
trusted library allocation
|
page execute and read and write
|
||
|
988000
|
heap
|
page read and write
|
||
|
54E0000
|
heap
|
page read and write
|
||
|
14F0000
|
trusted library allocation
|
page read and write
|
||
|
5B10000
|
trusted library allocation
|
page read and write
|
||
|
3F55000
|
trusted library allocation
|
page read and write
|
||
|
508C000
|
stack
|
page read and write
|
||
|
150D000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F07000
|
trusted library allocation
|
page read and write
|
||
|
9AA000
|
heap
|
page read and write
|
||
|
104A000
|
heap
|
page read and write
|
||
|
FF7D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1110000
|
heap
|
page read and write
|
||
|
4C86000
|
trusted library allocation
|
page read and write
|
||
|
5B90000
|
trusted library allocation
|
page execute and read and write
|
||
|
9B4000
|
heap
|
page read and write
|
||
|
5860000
|
heap
|
page read and write
|
||
|
63B0000
|
trusted library allocation
|
page read and write
|
||
|
5A12000
|
heap
|
page read and write
|
||
|
4F40000
|
trusted library allocation
|
page read and write
|
||
|
36A9000
|
trusted library allocation
|
page read and write
|
||
|
CBE000
|
stack
|
page read and write
|
||
|
8F9000
|
stack
|
page read and write
|
||
|
5E2D000
|
stack
|
page read and write
|
||
|
152A000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C7E000
|
trusted library allocation
|
page read and write
|
||
|
A7D000
|
heap
|
page read and write
|
||
|
54D0000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
5402000
|
trusted library allocation
|
page read and write
|
||
|
5A9E000
|
stack
|
page read and write
|
||
|
93D000
|
trusted library allocation
|
page execute and read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
940000
|
trusted library allocation
|
page read and write
|
||
|
50EF000
|
stack
|
page read and write
|
||
|
5960000
|
trusted library allocation
|
page execute and read and write
|
||
|
63E0000
|
heap
|
page read and write
|
||
|
5C2E000
|
stack
|
page read and write
|
||
|
51A000
|
stack
|
page read and write
|
||
|
5C6E000
|
stack
|
page read and write
|
||
|
4C6E000
|
trusted library allocation
|
page read and write
|
||
|
587E000
|
heap
|
page read and write
|
||
|
A80000
|
trusted library allocation
|
page read and write
|
||
|
5A00000
|
trusted library allocation
|
page read and write
|
||
|
967000
|
trusted library allocation
|
page execute and read and write
|
||
|
5460000
|
heap
|
page execute and read and write
|
||
|
1526000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A50000
|
trusted library allocation
|
page read and write
|
||
|
3EB9000
|
trusted library allocation
|
page read and write
|
||
|
117D000
|
stack
|
page read and write
|
||
|
D90000
|
trusted library allocation
|
page read and write
|
||
|
4F8B000
|
stack
|
page read and write
|
||
|
4EE0000
|
heap
|
page execute and read and write
|
||
|
26E7000
|
trusted library allocation
|
page read and write
|
||
|
408E000
|
trusted library allocation
|
page read and write
|
||
|
9F6000
|
heap
|
page read and write
|
||
|
A74000
|
heap
|
page read and write
|
||
|
1537000
|
trusted library allocation
|
page execute and read and write
|
||
|
106C000
|
heap
|
page read and write
|
||
|
D50000
|
heap
|
page execute and read and write
|
||
|
5B40000
|
trusted library allocation
|
page execute and read and write
|
||
|
5850000
|
trusted library section
|
page read and write
|
||
|
920000
|
trusted library allocation
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
153B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D50000
|
heap
|
page read and write
|
||
|
3FA3000
|
trusted library allocation
|
page read and write
|
||
|
DB0000
|
trusted library allocation
|
page read and write
|
||
|
4EEE000
|
stack
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
481E000
|
stack
|
page read and write
|
||
|
922E000
|
stack
|
page read and write
|
||
|
26F4000
|
trusted library allocation
|
page read and write
|
||
|
59FB000
|
stack
|
page read and write
|
||
|
53DB000
|
trusted library allocation
|
page read and write
|
||
|
129E000
|
stack
|
page read and write
|
||
|
1550000
|
trusted library allocation
|
page read and write
|
||
|
5C70000
|
trusted library allocation
|
page read and write
|
||
|
151D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5970000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
trusted library allocation
|
page read and write
|
||
|
5C77000
|
trusted library allocation
|
page read and write
|
||
|
53FD000
|
trusted library allocation
|
page read and write
|
||
|
4F3E000
|
stack
|
page read and write
|
||
|
933000
|
trusted library allocation
|
page execute and read and write
|
||
|
A53000
|
heap
|
page read and write
|
||
|
26CC000
|
trusted library allocation
|
page read and write
|
||
|
965000
|
trusted library allocation
|
page execute and read and write
|
||
|
614E000
|
stack
|
page read and write
|
||
|
54A2000
|
trusted library allocation
|
page read and write
|
||
|
2F48000
|
trusted library allocation
|
page read and write
|
||
|
8CEE000
|
stack
|
page read and write
|
||
|
62AE000
|
stack
|
page read and write
|
||
|
8BEE000
|
stack
|
page read and write
|
||
|
5400000
|
trusted library allocation
|
page read and write
|
||
|
267E000
|
stack
|
page read and write
|
||
|
934000
|
trusted library allocation
|
page read and write
|
||
|
6580000
|
heap
|
page read and write
|
||
|
41B1000
|
trusted library allocation
|
page read and write
|
||
|
D60000
|
heap
|
page read and write
|
||
|
4C81000
|
trusted library allocation
|
page read and write
|
||
|
2EAE000
|
stack
|
page read and write
|
||
|
5415000
|
trusted library allocation
|
page read and write
|
||
|
53F6000
|
trusted library allocation
|
page read and write
|
||
|
4C8D000
|
trusted library allocation
|
page read and write
|
||
|
620E000
|
stack
|
page read and write
|
||
|
10EF000
|
heap
|
page read and write
|
||
|
1570000
|
trusted library allocation
|
page execute and read and write
|
||
|
AA0000
|
heap
|
page read and write
|
||
|
B72000
|
unkown
|
page readonly
|
||
|
4C64000
|
trusted library allocation
|
page read and write
|
||
|
89ED000
|
stack
|
page read and write
|
||
|
5865000
|
heap
|
page read and write
|
||
|
4C6B000
|
trusted library allocation
|
page read and write
|
||
|
2DAE000
|
stack
|
page read and write
|
||
|
53EE000
|
trusted library allocation
|
page read and write
|
||
|
5B20000
|
trusted library allocation
|
page read and write
|
||
|
3681000
|
trusted library allocation
|
page read and write
|
||
|
5410000
|
trusted library allocation
|
page read and write
|
||
|
1530000
|
trusted library allocation
|
page read and write
|
||
|
59A0000
|
trusted library allocation
|
page read and write
|
||
|
1180000
|
heap
|
page read and write
|
||
|
8A2E000
|
stack
|
page read and write
|
||
|
4D43000
|
heap
|
page read and write
|
||
|
952000
|
trusted library allocation
|
page read and write
|
||
|
104E000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
53D4000
|
trusted library allocation
|
page read and write
|
||
|
95A000
|
trusted library allocation
|
page execute and read and write
|
||
|
52EF000
|
stack
|
page read and write
|
||
|
13BF000
|
stack
|
page read and write
|
||
|
1504000
|
trusted library allocation
|
page read and write
|
||
|
2D40000
|
trusted library allocation
|
page read and write
|
||
|
7501000
|
trusted library allocation
|
page read and write
|
||
|
96B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5A59000
|
trusted library allocation
|
page read and write
|
||
|
5980000
|
trusted library allocation
|
page execute and read and write
|
||
|
1513000
|
trusted library allocation
|
page read and write
|
||
|
DA0000
|
trusted library allocation
|
page read and write
|
||
|
5B30000
|
trusted library allocation
|
page read and write
|
||
|
63AE000
|
stack
|
page read and write
|
||
|
4C92000
|
trusted library allocation
|
page read and write
|
||
|
6470000
|
trusted library section
|
page read and write
|
||
|
8EED000
|
stack
|
page read and write
|
||
|
4EF0000
|
trusted library allocation
|
page read and write
|
||
|
2701000
|
trusted library allocation
|
page read and write
|
||
|
94D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4C72000
|
trusted library allocation
|
page read and write
|
||
|
4E8E000
|
stack
|
page read and write
|
||
|
99E000
|
heap
|
page read and write
|
||
|
912E000
|
stack
|
page read and write
|
||
|
53F1000
|
trusted library allocation
|
page read and write
|
||
|
4D3E000
|
stack
|
page read and write
|
||
|
1580000
|
trusted library allocation
|
page read and write
|
||
|
A25000
|
heap
|
page read and write
|
||
|
9B7000
|
heap
|
page read and write
|
||
|
1080000
|
heap
|
page read and write
|
||
|
8EF0000
|
heap
|
page read and write
|
||
|
1086000
|
heap
|
page read and write
|
||
|
6240000
|
heap
|
page read and write
|
||
|
1522000
|
trusted library allocation
|
page read and write
|
||
|
36E5000
|
trusted library allocation
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
1503000
|
trusted library allocation
|
page execute and read and write
|
||
|
14BE000
|
stack
|
page read and write
|
||
|
D40000
|
trusted library allocation
|
page read and write
|
||
|
4FEC000
|
stack
|
page read and write
|
||
|
930000
|
trusted library allocation
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
2D5F000
|
trusted library allocation
|
page read and write
|
||
|
A02000
|
heap
|
page read and write
|
||
|
5420000
|
trusted library allocation
|
page read and write
|
||
|
5B8D000
|
stack
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
962000
|
trusted library allocation
|
page read and write
|
||
|
52F8000
|
trusted library allocation
|
page read and write
|
||
|
5A3A000
|
heap
|
page read and write
|
||
|
1520000
|
trusted library allocation
|
page read and write
|
||
|
4F42000
|
trusted library allocation
|
page read and write
|
||
|
AA5000
|
heap
|
page read and write
|
||
|
4ECE000
|
stack
|
page read and write
|
||
|
2D60000
|
heap
|
page execute and read and write
|
||
|
63F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5440000
|
trusted library allocation
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
5490000
|
heap
|
page read and write
|
||
|
DA7000
|
stack
|
page read and write
|
||
|
5A40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F95000
|
trusted library allocation
|
page read and write
|
||
|
CFC000
|
stack
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page read and write
|
There are 231 hidden memdumps, click here to show them.