Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\FB101DRIT_V13SP3.exe
|
"C:\Users\user\Desktop\FB101DRIT_V13SP3.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://deviis4.installshield.com/NetNirvana/
|
unknown
|
||
|
http://www.installengine.com/oci_range_check.txtproxy
|
unknown
|
||
|
http://www.winzip.com
|
unknown
|
||
|
https://http://...
|
unknown
|
||
|
http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d
|
unknown
|
||
|
http://crl.thawte.com/ThawtePremiumServerCA.crl0
|
unknown
|
||
|
http://www.installengine.com/oci_range_check.txt
|
unknown
|
||
|
ftp://%s%d.tmpsetup.ethermk:
|
unknown
|
||
|
http://www.winzip.comCan
|
unknown
|
||
|
http://crl.thawte.com/ThawteCodeSigningCA.crl0
|
unknown
|
||
|
http://www.installshield.com0
|
unknown
|
There are 1 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER_Classes\Local Settings\MuiCache\24\417C44EB
|
@C:\Windows\system32\windows.storage.dll,-50691
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1308000
|
heap
|
page read and write
|
||
|
50EE000
|
stack
|
page read and write
|
||
|
E0C000
|
unkown
|
page readonly
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
12AB000
|
heap
|
page read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
576E000
|
stack
|
page read and write
|
||
|
1308000
|
heap
|
page read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
1308000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
140000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page readonly
|
||
|
57CF000
|
stack
|
page read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
122C000
|
heap
|
page read and write
|
||
|
130A000
|
heap
|
page read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
512E000
|
stack
|
page read and write
|
||
|
1244000
|
heap
|
page read and write
|
||
|
12F8000
|
heap
|
page read and write
|
||
|
51C0000
|
heap
|
page read and write
|
||
|
1220000
|
heap
|
page read and write
|
||
|
513D000
|
stack
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
12BA000
|
heap
|
page read and write
|
||
|
3050000
|
heap
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
E0C000
|
unkown
|
page readonly
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
12E6000
|
heap
|
page read and write
|
||
|
130A000
|
heap
|
page read and write
|
||
|
3490000
|
trusted library allocation
|
page read and write
|
||
|
124F000
|
heap
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
12AB000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
57BE000
|
stack
|
page read and write
|
||
|
D9000
|
stack
|
page read and write
|
||
|
50DE000
|
stack
|
page read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
1160000
|
heap
|
page read and write
|
||
|
130000
|
heap
|
page read and write
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
12A8000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page readonly
|
||
|
12FC000
|
heap
|
page read and write
|
||
|
3054000
|
heap
|
page read and write
|
||
|
124B000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
51BE000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page write copy
|
||
|
577F000
|
stack
|
page read and write
|
||
|
130A000
|
heap
|
page read and write
|
||
|
12A8000
|
heap
|
page read and write
|
||
|
130A000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
12BA000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
571E000
|
stack
|
page read and write
|
||
|
13D9000
|
heap
|
page read and write
|
||
|
13D5000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
12A8000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page readonly
|
||
|
1293000
|
heap
|
page read and write
|
||
|
52D0000
|
trusted library allocation
|
page read and write
|
||
|
12BC000
|
heap
|
page read and write
|
||
|
1267000
|
heap
|
page read and write
|
||
|
12BA000
|
heap
|
page read and write
|
||
|
12F8000
|
heap
|
page read and write
|
||
|
51AC000
|
stack
|
page read and write
|
||
|
572F000
|
stack
|
page read and write
|
||
|
1224000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
127E000
|
heap
|
page read and write
|
||
|
1284000
|
heap
|
page read and write
|
||
|
12BC000
|
heap
|
page read and write
|
||
|
12BC000
|
heap
|
page read and write
|
||
|
12AB000
|
heap
|
page read and write
|
||
|
12D8000
|
heap
|
page read and write
|
||
|
1288000
|
heap
|
page read and write
|
||
|
12AB000
|
heap
|
page read and write
|
||
|
98000
|
stack
|
page read and write
|
There are 83 hidden memdumps, click here to show them.