Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Dell\UpdatePackage\Log\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.txt
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\104[1]
|
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\info_normal[1]
|
PNG image data, 17 x 17, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\close_hover[1]
|
PNG image data, 26 x 26, 8-bit/color RGB, interlaced
|
modified
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\script[1]
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\close_normal[1]
|
PNG image data, 26 x 26, 8-bit/color RGBA, interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\logo[1]
|
PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\styles[1]
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE
|
"C:\Users\user\Desktop\Dell-Pair-Application_9DY26_WIN_1.2.4_A00-00.EXE"
|
 |
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.entrust.net/g2ca.crl0
|
unknown
|
||
|
https://www.dell.com/support/kbdoc/000201693
|
unknown
|
||
|
http://schemas.dell.com/openmanage/cm/2009/1/1/datamodelcore.xsdG
|
unknown
|
||
|
http://schemas.dell.com/openmanage/cm/2009/1/0/mupdefinition.xsd
|
unknown
|
||
|
http://schemas.dell.com/openmanage/cm/2009/1/1/datamodelcore.xsd
|
unknown
|
||
|
http://ocsp.entrust.net03
|
unknown
|
||
|
http://ocsp.entrust.net02
|
unknown
|
||
|
http://ocsp.entrust.net01
|
unknown
|
||
|
http://www.entrust.net/rpa03
|
unknown
|
||
|
http://ocsp.entrust.net00
|
unknown
|
||
|
http://www.winimage.com/zLibDllH
|
unknown
|
||
|
http://schemas.dell.com/openmanage/cm/2009/1/0/mupdefinition.xsdL
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd
|
unknown
|
||
|
http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd-//OASIS//DTD
|
unknown
|
||
|
http://www.winimage.com/zLibDll/unzip.html
|
unknown
|
||
|
http://aia.entrust.net/ts2-chain256.p7c01
|
unknown
|
||
|
http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=9DY26L
|
unknown
|
||
|
http://crl.entrust.net/csbr1.crl0
|
unknown
|
||
|
http://www.winimage.com/zLibDll
|
unknown
|
||
|
http://relaxng.org/ns/structure/1.0
|
unknown
|
||
|
http://aia.entrust.net/evcs2-chain.p7c01
|
unknown
|
||
|
http://crl.entrust.net/ts2ca.crl0
|
unknown
|
||
|
http://schemas.dell.com/openmanage/cm/2/0/mupdefinition.xsd
|
unknown
|
||
|
http://crl.entrust.net/evcs2.crl0
|
unknown
|
||
|
http://www.entrust.net/rpa0
|
unknown
|
||
|
http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=9DY26
|
unknown
|
||
|
https://www.entrust.net/rpa0
|
unknown
|
There are 18 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
519F000
|
stack
|
page read and write
|
||
|
4FDC000
|
heap
|
page read and write
|
||
|
9A26000
|
trusted library allocation
|
page read and write
|
||
|
4440000
|
heap
|
page read and write
|
||
|
3F51000
|
trusted library allocation
|
page read and write
|
||
|
986E000
|
heap
|
page read and write
|
||
|
EE4000
|
unkown
|
page write copy
|
||
|
5363000
|
trusted library allocation
|
page read and write
|
||
|
9A2C000
|
trusted library allocation
|
page read and write
|
||
|
7F082000
|
trusted library allocation
|
page execute read
|
||
|
157C000
|
stack
|
page read and write
|
||
|
DBC000
|
unkown
|
page readonly
|
||
|
3F84000
|
trusted library allocation
|
page read and write
|
||
|
821000
|
unkown
|
page execute read
|
||
|
4FFD000
|
heap
|
page read and write
|
||
|
852000
|
unkown
|
page execute read
|
||
|
535C000
|
trusted library allocation
|
page read and write
|
||
|
18F7000
|
heap
|
page read and write
|
||
|
350A000
|
heap
|
page read and write
|
||
|
EEC000
|
unkown
|
page readonly
|
||
|
4FEC000
|
heap
|
page read and write
|
||
|
4FAB000
|
heap
|
page read and write
|
||
|
3F84000
|
trusted library allocation
|
page read and write
|
||
|
4FE4000
|
heap
|
page read and write
|
||
|
3F7C000
|
trusted library allocation
|
page read and write
|
||
|
5365000
|
trusted library allocation
|
page read and write
|
||
|
3F18000
|
trusted library allocation
|
page read and write
|
||
|
9800000
|
trusted library allocation
|
page read and write
|
||
|
9A2C000
|
trusted library allocation
|
page read and write
|
||
|
5580000
|
trusted library allocation
|
page read and write
|
||
|
EE5000
|
unkown
|
page read and write
|
||
|
3F7C000
|
trusted library allocation
|
page read and write
|
||
|
1680000
|
heap
|
page read and write
|
||
|
3F59000
|
trusted library allocation
|
page read and write
|
||
|
540B000
|
trusted library allocation
|
page read and write
|
||
|
3EF8000
|
trusted library allocation
|
page read and write
|
||
|
9A34000
|
trusted library allocation
|
page read and write
|
||
|
4FF4000
|
heap
|
page read and write
|
||
|
5005000
|
heap
|
page read and write
|
||
|
3F78000
|
trusted library allocation
|
page read and write
|
||
|
963E000
|
stack
|
page read and write
|
||
|
3F84000
|
trusted library allocation
|
page read and write
|
||
|
3F22000
|
trusted library allocation
|
page read and write
|
||
|
3F28000
|
trusted library allocation
|
page read and write
|
||
|
D6D000
|
unkown
|
page execute read
|
||
|
9112000
|
trusted library allocation
|
page read and write
|
||
|
5367000
|
trusted library allocation
|
page read and write
|
||
|
ECC000
|
unkown
|
page readonly
|
||
|
38B1000
|
heap
|
page read and write
|
||
|
3F40000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
unkown
|
page readonly
|
||
|
5406000
|
trusted library allocation
|
page read and write
|
||
|
D6D000
|
unkown
|
page execute read
|
||
|
3F68000
|
trusted library allocation
|
page read and write
|
||
|
4680000
|
trusted library allocation
|
page read and write
|
||
|
3F7C000
|
trusted library allocation
|
page read and write
|
||
|
3F68000
|
trusted library allocation
|
page read and write
|
||
|
9A22000
|
trusted library allocation
|
page read and write
|
||
|
32EC000
|
heap
|
page read and write
|
||
|
EE7000
|
unkown
|
page write copy
|
||
|
9A26000
|
trusted library allocation
|
page read and write
|
||
|
ED9000
|
unkown
|
page read and write
|
||
|
7740000
|
trusted library section
|
page readonly
|
||
|
4FE8000
|
heap
|
page read and write
|
||
|
895000
|
unkown
|
page execute read
|
||
|
821000
|
unkown
|
page execute read
|
||
|
509B000
|
stack
|
page read and write
|
||
|
443F000
|
stack
|
page read and write
|
||
|
3ED8000
|
trusted library allocation
|
page read and write
|
||
|
38A6000
|
heap
|
page read and write
|
||
|
5003000
|
heap
|
page read and write
|
||
|
5367000
|
trusted library allocation
|
page read and write
|
||
|
5364000
|
trusted library allocation
|
page read and write
|
||
|
4494000
|
heap
|
page read and write
|
||
|
9872000
|
heap
|
page read and write
|
||
|
448A000
|
heap
|
page read and write
|
||
|
4FD2000
|
heap
|
page read and write
|
||
|
EDD000
|
unkown
|
page read and write
|
||
|
9A2C000
|
trusted library allocation
|
page read and write
|
||
|
3F70000
|
trusted library allocation
|
page read and write
|
||
|
43EE000
|
stack
|
page read and write
|
||
|
5018000
|
heap
|
page read and write
|
||
|
43AF000
|
stack
|
page read and write
|
||
|
18B3000
|
heap
|
page read and write
|
||
|
32E0000
|
heap
|
page read and write
|
||
|
5404000
|
trusted library allocation
|
page read and write
|
||
|
412D000
|
stack
|
page read and write
|
||
|
4F84000
|
heap
|
page read and write
|
||
|
18CC000
|
heap
|
page read and write
|
||
|
B3E000
|
unkown
|
page execute read
|
||
|
3F84000
|
trusted library allocation
|
page read and write
|
||
|
4FCA000
|
heap
|
page read and write
|
||
|
34B0000
|
heap
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
44B6000
|
heap
|
page read and write
|
||
|
3F4A000
|
trusted library allocation
|
page read and write
|
||
|
38A0000
|
heap
|
page read and write
|
||
|
18A5000
|
heap
|
page read and write
|
||
|
5418000
|
trusted library allocation
|
page read and write
|
||
|
449D000
|
heap
|
page read and write
|
||
|
4499000
|
heap
|
page read and write
|
||
|
4FF2000
|
heap
|
page read and write
|
||
|
3F00000
|
trusted library allocation
|
page read and write
|
||
|
4FDA000
|
heap
|
page read and write
|
||
|
4446000
|
heap
|
page read and write
|
||
|
863000
|
unkown
|
page execute read
|
||
|
4F66000
|
heap
|
page read and write
|
||
|
44B1000
|
heap
|
page read and write
|
||
|
187F000
|
heap
|
page read and write
|
||
|
5362000
|
trusted library allocation
|
page read and write
|
||
|
348E000
|
stack
|
page read and write
|
||
|
3514000
|
trusted library allocation
|
page read and write
|
||
|
8FC000
|
unkown
|
page execute read
|
||
|
4F96000
|
heap
|
page read and write
|
||
|
541E000
|
trusted library allocation
|
page read and write
|
||
|
535A000
|
trusted library allocation
|
page read and write
|
||
|
4476000
|
heap
|
page read and write
|
||
|
55A0000
|
trusted library allocation
|
page execute
|
||
|
3EC8000
|
trusted library allocation
|
page read and write
|
||
|
500E000
|
heap
|
page read and write
|
||
|
4FFF000
|
heap
|
page read and write
|
||
|
44E1000
|
heap
|
page read and write
|
||
|
5009000
|
heap
|
page read and write
|
||
|
18A2000
|
heap
|
page read and write
|
||
|
3503000
|
heap
|
page read and write
|
||
|
7F080000
|
trusted library allocation
|
page execute read
|
||
|
53AE000
|
stack
|
page read and write
|
||
|
9A31000
|
trusted library allocation
|
page read and write
|
||
|
426F000
|
stack
|
page read and write
|
||
|
44C1000
|
heap
|
page read and write
|
||
|
44A2000
|
heap
|
page read and write
|
||
|
51EC000
|
stack
|
page read and write
|
||
|
E6A000
|
unkown
|
page readonly
|
||
|
9A4D000
|
trusted library allocation
|
page read and write
|
||
|
4F6B000
|
heap
|
page read and write
|
||
|
182A000
|
heap
|
page read and write
|
||
|
9A31000
|
trusted library allocation
|
page read and write
|
||
|
18B0000
|
heap
|
page read and write
|
||
|
38B4000
|
heap
|
page read and write
|
||
|
4FBE000
|
heap
|
page read and write
|
||
|
52EE000
|
stack
|
page read and write
|
||
|
18BF000
|
heap
|
page read and write
|
||
|
44F9000
|
heap
|
page read and write
|
||
|
5367000
|
trusted library allocation
|
page read and write
|
||
|
ECD000
|
unkown
|
page write copy
|
||
|
5351000
|
trusted library allocation
|
page read and write
|
||
|
416E000
|
stack
|
page read and write
|
||
|
182E000
|
heap
|
page read and write
|
||
|
863000
|
unkown
|
page execute read
|
||
|
4472000
|
heap
|
page read and write
|
||
|
4FF8000
|
heap
|
page read and write
|
||
|
34B3000
|
heap
|
page read and write
|
||
|
3F4E000
|
trusted library allocation
|
page read and write
|
||
|
DBC000
|
unkown
|
page readonly
|
||
|
5414000
|
trusted library allocation
|
page read and write
|
||
|
9A4B000
|
trusted library allocation
|
page read and write
|
||
|
500C000
|
heap
|
page read and write
|
||
|
3BBF000
|
stack
|
page read and write
|
||
|
B3E000
|
unkown
|
page execute read
|
||
|
773C000
|
stack
|
page read and write
|
||
|
4FCA000
|
heap
|
page read and write
|
||
|
5367000
|
trusted library allocation
|
page read and write
|
||
|
42AE000
|
stack
|
page read and write
|
||
|
ECD000
|
unkown
|
page read and write
|
||
|
453C000
|
heap
|
page read and write
|
||
|
5357000
|
trusted library allocation
|
page read and write
|
||
|
9A10000
|
heap
|
page read and write
|
||
|
4000000
|
heap
|
page read and write
|
||
|
4FCB000
|
heap
|
page read and write
|
||
|
5355000
|
trusted library allocation
|
page read and write
|
||
|
3ED0000
|
trusted library allocation
|
page read and write
|
||
|
EE4000
|
unkown
|
page write copy
|
||
|
3EE2000
|
trusted library allocation
|
page read and write
|
||
|
5367000
|
trusted library allocation
|
page read and write
|
||
|
3F2E000
|
trusted library allocation
|
page read and write
|
||
|
9864000
|
heap
|
page read and write
|
||
|
3F51000
|
trusted library allocation
|
page read and write
|
||
|
EEC000
|
unkown
|
page readonly
|
||
|
3F1E000
|
trusted library allocation
|
page read and write
|
||
|
44AD000
|
heap
|
page read and write
|
||
|
DB8000
|
unkown
|
page execute read
|
||
|
9A20000
|
trusted library allocation
|
page read and write
|
||
|
4F60000
|
heap
|
page read and write
|
||
|
18B3000
|
heap
|
page read and write
|
||
|
1176000
|
unkown
|
page readonly
|
||
|
3F4E000
|
trusted library allocation
|
page read and write
|
||
|
E6A000
|
unkown
|
page readonly
|
||
|
3F1A000
|
trusted library allocation
|
page read and write
|
||
|
3F60000
|
trusted library allocation
|
page read and write
|
||
|
18BF000
|
heap
|
page read and write
|
||
|
1839000
|
heap
|
page read and write
|
||
|
3EF0000
|
trusted library allocation
|
page read and write
|
||
|
44F1000
|
heap
|
page read and write
|
||
|
4482000
|
heap
|
page read and write
|
||
|
3FFC000
|
stack
|
page read and write
|
||
|
EE2000
|
unkown
|
page readonly
|
||
|
44F7000
|
heap
|
page read and write
|
||
|
9A31000
|
trusted library allocation
|
page read and write
|
||
|
1820000
|
heap
|
page read and write
|
||
|
15F0000
|
heap
|
page read and write
|
||
|
973D000
|
trusted library allocation
|
page read and write
|
||
|
53FF000
|
stack
|
page read and write
|
||
|
3F59000
|
trusted library allocation
|
page read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
38AF000
|
heap
|
page read and write
|
||
|
3F34000
|
trusted library allocation
|
page read and write
|
||
|
44BE000
|
heap
|
page read and write
|
||
|
5361000
|
trusted library allocation
|
page read and write
|
||
|
1193000
|
unkown
|
page readonly
|
||
|
32E7000
|
heap
|
page read and write
|
||
|
18FD000
|
heap
|
page read and write
|
||
|
3F78000
|
trusted library allocation
|
page read and write
|
||
|
38A4000
|
heap
|
page read and write
|
||
|
4020000
|
heap
|
page read and write
|
||
|
3550000
|
heap
|
page read and write
|
||
|
3D00000
|
trusted library allocation
|
page read and write
|
||
|
852000
|
unkown
|
page execute read
|
||
|
44B8000
|
heap
|
page read and write
|
||
|
3F26000
|
trusted library allocation
|
page read and write
|
||
|
9855000
|
heap
|
page read and write
|
||
|
3ECE000
|
trusted library allocation
|
page read and write
|
||
|
3F20000
|
trusted library allocation
|
page read and write
|
||
|
9800000
|
trusted library allocation
|
page read and write
|
||
|
ED0000
|
unkown
|
page write copy
|
||
|
4FE3000
|
heap
|
page read and write
|
||
|
555F000
|
stack
|
page read and write
|
||
|
467E000
|
stack
|
page read and write
|
||
|
763E000
|
stack
|
page read and write
|
||
|
9810000
|
heap
|
page read and write
|
||
|
953B000
|
stack
|
page read and write
|
||
|
9820000
|
heap
|
page read and write
|
||
|
3F60000
|
trusted library allocation
|
page read and write
|
||
|
3510000
|
trusted library allocation
|
page read and write
|
||
|
ECC000
|
unkown
|
page readonly
|
||
|
1193000
|
unkown
|
page readonly
|
||
|
8FC000
|
unkown
|
page execute read
|
||
|
1488000
|
stack
|
page read and write
|
||
|
535F000
|
trusted library allocation
|
page read and write
|
||
|
820000
|
unkown
|
page readonly
|
||
|
4FD3000
|
heap
|
page read and write
|
||
|
3F10000
|
trusted library allocation
|
page read and write
|
||
|
44CC000
|
heap
|
page read and write
|
||
|
DB8000
|
unkown
|
page execute read
|
||
|
457B000
|
stack
|
page read and write
|
||
|
EE2000
|
unkown
|
page readonly
|
||
|
3EDC000
|
trusted library allocation
|
page read and write
|
||
|
5012000
|
heap
|
page read and write
|
||
|
3500000
|
heap
|
page read and write
|
||
|
9A10000
|
trusted library allocation
|
page read and write
|
||
|
33E0000
|
heap
|
page read and write
|
||
|
44DA000
|
heap
|
page read and write
|
||
|
18C8000
|
heap
|
page read and write
|
||
|
1176000
|
unkown
|
page readonly
|
||
|
5367000
|
trusted library allocation
|
page read and write
|
||
|
895000
|
unkown
|
page execute read
|
There are 245 hidden memdumps, click here to show them.