Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
X.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\is-2QODD.tmp\X.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-RK0IT.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\X.exe
|
"C:\Users\user\Desktop\X.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\is-2QODD.tmp\X.tmp
|
"C:\Users\user\AppData\Local\Temp\is-2QODD.tmp\X.tmp" /SL5="$10450,16263284,1034240,C:\Users\user\Desktop\X.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
http://www.miltera.com.tr/pf/
|
unknown
|
||
|
https://www.remobjects.com/ps
|
unknown
|
||
|
http://www.miltera.com.tr/
|
unknown
|
||
|
https://www.innosetup.com/
|
unknown
|
||
|
http://www.miltera.com.tr/pfS
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
6C7000
|
unkown
|
page write copy
|
||
|
4CB000
|
unkown
|
page readonly
|
||
|
2568000
|
direct allocation
|
page read and write
|
||
|
247C000
|
direct allocation
|
page read and write
|
||
|
24E4000
|
direct allocation
|
page read and write
|
||
|
3ADF000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
6DE000
|
unkown
|
page readonly
|
||
|
250A000
|
direct allocation
|
page read and write
|
||
|
91D000
|
heap
|
page read and write
|
||
|
6CE000
|
unkown
|
page read and write
|
||
|
737000
|
unkown
|
page readonly
|
||
|
244A000
|
direct allocation
|
page read and write
|
||
|
3788000
|
direct allocation
|
page read and write
|
||
|
230C000
|
direct allocation
|
page read and write
|
||
|
2553000
|
direct allocation
|
page read and write
|
||
|
6DD000
|
unkown
|
page read and write
|
||
|
37C3000
|
direct allocation
|
page read and write
|
||
|
6D6000
|
unkown
|
page read and write
|
||
|
7FDF6000
|
direct allocation
|
page read and write
|
||
|
24CC000
|
direct allocation
|
page read and write
|
||
|
4C0000
|
unkown
|
page read and write
|
||
|
26E4000
|
direct allocation
|
page read and write
|
||
|
7D5000
|
heap
|
page read and write
|
||
|
C43000
|
heap
|
page read and write
|
||
|
22A5000
|
direct allocation
|
page read and write
|
||
|
399F000
|
stack
|
page read and write
|
||
|
2467000
|
direct allocation
|
page read and write
|
||
|
34D5000
|
direct allocation
|
page read and write
|
||
|
37F2000
|
direct allocation
|
page read and write
|
||
|
6D9000
|
unkown
|
page write copy
|
||
|
24CF000
|
direct allocation
|
page read and write
|
||
|
224D000
|
direct allocation
|
page read and write
|
||
|
22C2000
|
direct allocation
|
page read and write
|
||
|
37B4000
|
direct allocation
|
page read and write
|
||
|
34CC000
|
direct allocation
|
page read and write
|
||
|
2229000
|
direct allocation
|
page read and write
|
||
|
24F4000
|
direct allocation
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
4B7000
|
unkown
|
page read and write
|
||
|
2536000
|
direct allocation
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
2561000
|
direct allocation
|
page read and write
|
||
|
4C2000
|
unkown
|
page write copy
|
||
|
34F1000
|
direct allocation
|
page read and write
|
||
|
255A000
|
direct allocation
|
page read and write
|
||
|
92A000
|
heap
|
page read and write
|
||
|
4B9000
|
unkown
|
page read and write
|
||
|
6F4000
|
unkown
|
page readonly
|
||
|
37FF000
|
direct allocation
|
page read and write
|
||
|
226A000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2528000
|
direct allocation
|
page read and write
|
||
|
231A000
|
direct allocation
|
page read and write
|
||
|
2304000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
24D6000
|
direct allocation
|
page read and write
|
||
|
271C000
|
direct allocation
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
246E000
|
direct allocation
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
90E000
|
heap
|
page read and write
|
||
|
369E000
|
stack
|
page read and write
|
||
|
8D8000
|
heap
|
page read and write
|
||
|
6E0000
|
unkown
|
page readonly
|
||
|
34C0000
|
direct allocation
|
page read and write
|
||
|
2544000
|
direct allocation
|
page read and write
|
||
|
252F000
|
direct allocation
|
page read and write
|
||
|
7FB10000
|
direct allocation
|
page read and write
|
||
|
24AC000
|
direct allocation
|
page read and write
|
||
|
253D000
|
direct allocation
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
928000
|
heap
|
page read and write
|
||
|
917000
|
heap
|
page read and write
|
||
|
225B000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2254000
|
direct allocation
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
22E8000
|
direct allocation
|
page read and write
|
||
|
7FE39000
|
direct allocation
|
page read and write
|
||
|
229E000
|
direct allocation
|
page read and write
|
||
|
504000
|
unkown
|
page readonly
|
||
|
660000
|
heap
|
page read and write
|
||
|
2271000
|
direct allocation
|
page read and write
|
||
|
227A000
|
direct allocation
|
page read and write
|
||
|
2443000
|
direct allocation
|
page read and write
|
||
|
22D1000
|
direct allocation
|
page read and write
|
||
|
223F000
|
direct allocation
|
page read and write
|
||
|
758000
|
heap
|
page read and write
|
||
|
2288000
|
direct allocation
|
page read and write
|
||
|
2483000
|
direct allocation
|
page read and write
|
||
|
24DD000
|
direct allocation
|
page read and write
|
||
|
34C0000
|
direct allocation
|
page read and write
|
||
|
3795000
|
direct allocation
|
page read and write
|
||
|
379E000
|
direct allocation
|
page read and write
|
||
|
34B0000
|
direct allocation
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
4B7000
|
unkown
|
page write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2C20000
|
heap
|
page read and write
|
||
|
2328000
|
direct allocation
|
page read and write
|
||
|
2430000
|
direct allocation
|
page read and write
|
||
|
24FB000
|
direct allocation
|
page read and write
|
||
|
24A1000
|
direct allocation
|
page read and write
|
||
|
2237000
|
direct allocation
|
page read and write
|
||
|
25F0000
|
direct allocation
|
page read and write
|
||
|
2451000
|
direct allocation
|
page read and write
|
||
|
2502000
|
direct allocation
|
page read and write
|
||
|
92C000
|
heap
|
page read and write
|
||
|
922000
|
heap
|
page read and write
|
||
|
2296000
|
direct allocation
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
C85000
|
heap
|
page read and write
|
||
|
22AC000
|
direct allocation
|
page read and write
|
||
|
2475000
|
direct allocation
|
page read and write
|
||
|
254C000
|
direct allocation
|
page read and write
|
||
|
C30000
|
direct allocation
|
page execute and read and write
|
||
|
24C0000
|
direct allocation
|
page read and write
|
||
|
4C4000
|
unkown
|
page readonly
|
||
|
22EF000
|
direct allocation
|
page read and write
|
||
|
2230000
|
direct allocation
|
page read and write
|
||
|
37E9000
|
direct allocation
|
page read and write
|
||
|
2214000
|
direct allocation
|
page read and write
|
||
|
34DE000
|
direct allocation
|
page read and write
|
||
|
2222000
|
direct allocation
|
page read and write
|
||
|
4C6000
|
unkown
|
page readonly
|
||
|
C20000
|
heap
|
page read and write
|
||
|
6C7000
|
unkown
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
6FE000
|
unkown
|
page readonly
|
||
|
22FD000
|
direct allocation
|
page read and write
|
||
|
C89000
|
heap
|
page read and write
|
||
|
92E000
|
heap
|
page read and write
|
||
|
2321000
|
direct allocation
|
page read and write
|
||
|
26DA000
|
direct allocation
|
page read and write
|
||
|
34B0000
|
direct allocation
|
page read and write
|
||
|
6F0000
|
heap
|
page read and write
|
||
|
2CB0000
|
trusted library allocation
|
page read and write
|
||
|
2246000
|
direct allocation
|
page read and write
|
||
|
2313000
|
direct allocation
|
page read and write
|
||
|
22F6000
|
direct allocation
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
248B000
|
direct allocation
|
page read and write
|
||
|
243C000
|
direct allocation
|
page read and write
|
||
|
7FE00000
|
direct allocation
|
page read and write
|
||
|
22D8000
|
direct allocation
|
page read and write
|
||
|
37CD000
|
direct allocation
|
page read and write
|
||
|
221B000
|
direct allocation
|
page read and write
|
||
|
22CA000
|
direct allocation
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
2458000
|
direct allocation
|
page read and write
|
||
|
21FB000
|
direct allocation
|
page read and write
|
||
|
37E5000
|
direct allocation
|
page read and write
|
||
|
93000
|
stack
|
page read and write
|
||
|
245F000
|
direct allocation
|
page read and write
|
||
|
2281000
|
direct allocation
|
page read and write
|
||
|
6D1000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
22BA000
|
direct allocation
|
page read and write
|
||
|
2263000
|
direct allocation
|
page read and write
|
||
|
228F000
|
direct allocation
|
page read and write
|
||
|
37A8000
|
direct allocation
|
page read and write
|
||
|
92F000
|
heap
|
page read and write
|
||
|
39DE000
|
stack
|
page read and write
|
||
|
25F0000
|
direct allocation
|
page read and write
|
There are 157 hidden memdumps, click here to show them.