Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
L7eGkXK1vw.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\MSI4d566.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSID027.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSID0A5.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\shiCF5B.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Customers suppliers spot report\AiEdit 1.0.0\install\ADBBE7B\Installer.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {78879585-F815-46D3-A8F3-19D63E9AA515}, Number of Words: 0, Subject: AiEdit, Author: Customers suppliers
spot report, Name of Creating Application: AiEdit, Template: ;1033, Comments: This installer database contains the logic and
data required to install AiEdit., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Customers suppliers spot report\AiEdit 1.0.0\install\decoder.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Customers suppliers spot report\AiEdit 1.0.0\install\holder0.aiph
|
data
|
dropped
|
||
|
C:\Windows\Installer\44d18d.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {78879585-F815-46D3-A8F3-19D63E9AA515}, Number of Words: 0, Subject: AiEdit, Author: Customers suppliers
spot report, Name of Creating Application: AiEdit, Template: ;1033, Comments: This installer database contains the logic and
data required to install AiEdit., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
|
dropped
|
||
|
C:\Windows\Installer\MSID2B6.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSID48C.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSID4CB.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSID50B.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\L7eGkXK1vw.exe
|
"C:\Users\user\Desktop\L7eGkXK1vw.exe"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding ACA38A334053287546358A7834586E97 C
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\Customers suppliers spot report\AiEdit 1.0.0\install\ADBBE7B\Installer.msi"
AI_SETUPEXEPATH=C:\Users\user\Desktop\L7eGkXK1vw.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup
/wintime 1731488680 " AI_EUIMSI=""
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding C9C4CD5A6467721AC65AAF0E4F5DEE73
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://html4/loose.dtd
|
unknown
|
||
|
https://www.advancedinstaller.com
|
unknown
|
||
|
https://www.thawte.com/cps0/
|
unknown
|
||
|
http://.css
|
unknown
|
||
|
http://.jpg
|
unknown
|
||
|
https://www.thawte.com/repository0W
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
18AC000
|
heap
|
page read and write
|
||
|
18D7000
|
heap
|
page read and write
|
||
|
18DF000
|
heap
|
page read and write
|
||
|
18CE000
|
heap
|
page read and write
|
||
|
1843000
|
heap
|
page read and write
|
||
|
F20000
|
heap
|
page read and write
|
||
|
190B000
|
heap
|
page read and write
|
||
|
18EF000
|
heap
|
page read and write
|
||
|
18CB000
|
heap
|
page read and write
|
||
|
18DC000
|
heap
|
page read and write
|
||
|
18CE000
|
heap
|
page read and write
|
||
|
1833000
|
heap
|
page read and write
|
||
|
1890000
|
heap
|
page read and write
|
||
|
18CC000
|
heap
|
page read and write
|
||
|
479B000
|
heap
|
page read and write
|
||
|
1159000
|
unkown
|
page readonly
|
||
|
186E000
|
heap
|
page read and write
|
||
|
4773000
|
heap
|
page read and write
|
||
|
4990000
|
heap
|
page read and write
|
||
|
18D6000
|
heap
|
page read and write
|
||
|
1913000
|
heap
|
page read and write
|
||
|
1844000
|
heap
|
page read and write
|
||
|
1915000
|
heap
|
page read and write
|
||
|
1883000
|
heap
|
page read and write
|
||
|
34D0000
|
heap
|
page read and write
|
||
|
18AD000
|
heap
|
page read and write
|
||
|
18C1000
|
heap
|
page read and write
|
||
|
479B000
|
heap
|
page read and write
|
||
|
4764000
|
heap
|
page read and write
|
||
|
1878000
|
heap
|
page read and write
|
||
|
11E3000
|
unkown
|
page write copy
|
||
|
189C000
|
heap
|
page read and write
|
||
|
4ACE000
|
stack
|
page read and write
|
||
|
612E000
|
stack
|
page read and write
|
||
|
1835000
|
heap
|
page read and write
|
||
|
184E000
|
heap
|
page read and write
|
||
|
1915000
|
heap
|
page read and write
|
||
|
135B000
|
stack
|
page read and write
|
||
|
4774000
|
heap
|
page read and write
|
||
|
F41000
|
unkown
|
page execute read
|
||
|
18C7000
|
heap
|
page read and write
|
||
|
470F000
|
stack
|
page read and write
|
||
|
18C4000
|
heap
|
page read and write
|
||
|
186E000
|
heap
|
page read and write
|
||
|
1913000
|
heap
|
page read and write
|
||
|
4773000
|
heap
|
page read and write
|
||
|
182A000
|
heap
|
page read and write
|
||
|
4789000
|
heap
|
page read and write
|
||
|
188E000
|
heap
|
page read and write
|
||
|
18A2000
|
heap
|
page read and write
|
||
|
186A000
|
heap
|
page read and write
|
||
|
18D9000
|
heap
|
page read and write
|
||
|
479B000
|
heap
|
page read and write
|
||
|
3320000
|
heap
|
page read and write
|
||
|
184B000
|
heap
|
page read and write
|
||
|
18CF000
|
heap
|
page read and write
|
||
|
18D5000
|
heap
|
page read and write
|
||
|
1883000
|
heap
|
page read and write
|
||
|
479B000
|
heap
|
page read and write
|
||
|
4783000
|
heap
|
page read and write
|
||
|
18A2000
|
heap
|
page read and write
|
||
|
18DA000
|
heap
|
page read and write
|
||
|
34D4000
|
heap
|
page read and write
|
||
|
3C9F000
|
stack
|
page read and write
|
||
|
18A3000
|
heap
|
page read and write
|
||
|
34C0000
|
heap
|
page read and write
|
||
|
18F4000
|
heap
|
page read and write
|
||
|
1897000
|
heap
|
page read and write
|
||
|
11DF000
|
unkown
|
page write copy
|
||
|
6BF0000
|
heap
|
page read and write
|
||
|
18A2000
|
heap
|
page read and write
|
||
|
18CA000
|
heap
|
page read and write
|
||
|
3B9E000
|
stack
|
page read and write
|
||
|
1895000
|
heap
|
page read and write
|
||
|
18FB000
|
heap
|
page read and write
|
||
|
476A000
|
heap
|
page read and write
|
||
|
1913000
|
heap
|
page read and write
|
||
|
1918000
|
heap
|
page read and write
|
||
|
1878000
|
heap
|
page read and write
|
||
|
1895000
|
heap
|
page read and write
|
||
|
18E4000
|
heap
|
page read and write
|
||
|
18B6000
|
heap
|
page read and write
|
||
|
186A000
|
heap
|
page read and write
|
||
|
4751000
|
heap
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
49E7000
|
direct allocation
|
page read and write
|
||
|
1A1E000
|
stack
|
page read and write
|
||
|
32D0000
|
heap
|
page read and write
|
||
|
5D70000
|
direct allocation
|
page read and write
|
||
|
18EC000
|
heap
|
page read and write
|
||
|
4757000
|
heap
|
page read and write
|
||
|
1892000
|
heap
|
page read and write
|
||
|
4610000
|
direct allocation
|
page read and write
|
||
|
186E000
|
heap
|
page read and write
|
||
|
1915000
|
heap
|
page read and write
|
||
|
18E3000
|
heap
|
page read and write
|
||
|
3A9E000
|
stack
|
page read and write
|
||
|
3E10000
|
trusted library allocation
|
page read and write
|
||
|
18BB000
|
heap
|
page read and write
|
||
|
F40000
|
unkown
|
page readonly
|
||
|
11E5000
|
unkown
|
page read and write
|
||
|
4765000
|
heap
|
page read and write
|
||
|
4750000
|
heap
|
page read and write
|
||
|
139E000
|
stack
|
page read and write
|
||
|
64DF000
|
stack
|
page read and write
|
||
|
331E000
|
stack
|
page read and write
|
||
|
479B000
|
heap
|
page read and write
|
||
|
1866000
|
heap
|
page read and write
|
||
|
1898000
|
heap
|
page read and write
|
||
|
1899000
|
heap
|
page read and write
|
||
|
18DE000
|
heap
|
page read and write
|
||
|
18A5000
|
heap
|
page read and write
|
||
|
11E8000
|
unkown
|
page readonly
|
||
|
1891000
|
heap
|
page read and write
|
||
|
188E000
|
heap
|
page read and write
|
||
|
18DB000
|
heap
|
page read and write
|
||
|
16D0000
|
heap
|
page read and write
|
||
|
17DF000
|
stack
|
page read and write
|
||
|
18E4000
|
heap
|
page read and write
|
||
|
18E9000
|
heap
|
page read and write
|
||
|
1897000
|
heap
|
page read and write
|
||
|
18FF000
|
heap
|
page read and write
|
||
|
18DD000
|
heap
|
page read and write
|
||
|
18F7000
|
heap
|
page read and write
|
||
|
18C4000
|
heap
|
page read and write
|
||
|
4751000
|
heap
|
page read and write
|
||
|
4764000
|
heap
|
page read and write
|
||
|
18D9000
|
heap
|
page read and write
|
||
|
1905000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
18AE000
|
heap
|
page read and write
|
||
|
1889000
|
heap
|
page read and write
|
||
|
11E4000
|
unkown
|
page write copy
|
||
|
18EA000
|
heap
|
page read and write
|
||
|
18D7000
|
heap
|
page read and write
|
||
|
31FD000
|
stack
|
page read and write
|
||
|
18A3000
|
heap
|
page read and write
|
||
|
18AC000
|
heap
|
page read and write
|
||
|
F41000
|
unkown
|
page execute read
|
||
|
1900000
|
heap
|
page read and write
|
||
|
32BE000
|
stack
|
page read and write
|
||
|
4756000
|
heap
|
page read and write
|
||
|
191A000
|
heap
|
page read and write
|
||
|
1800000
|
heap
|
page read and write
|
||
|
1883000
|
heap
|
page read and write
|
||
|
1915000
|
heap
|
page read and write
|
||
|
18EF000
|
heap
|
page read and write
|
||
|
13DE000
|
stack
|
page read and write
|
||
|
332B000
|
heap
|
page read and write
|
||
|
361E000
|
stack
|
page read and write
|
||
|
184E000
|
heap
|
page read and write
|
||
|
F40000
|
unkown
|
page readonly
|
||
|
1908000
|
heap
|
page read and write
|
||
|
1159000
|
unkown
|
page readonly
|
||
|
18DB000
|
heap
|
page read and write
|
||
|
1883000
|
heap
|
page read and write
|
||
|
4755000
|
heap
|
page read and write
|
||
|
18AC000
|
heap
|
page read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
18F0000
|
heap
|
page read and write
|
||
|
3325000
|
heap
|
page read and write
|
||
|
18B8000
|
heap
|
page read and write
|
||
|
18F0000
|
heap
|
page read and write
|
||
|
1883000
|
heap
|
page read and write
|
||
|
18A2000
|
heap
|
page read and write
|
||
|
1891000
|
heap
|
page read and write
|
||
|
11E8000
|
unkown
|
page readonly
|
||
|
3260000
|
heap
|
page read and write
|
||
|
5D7C000
|
heap
|
page read and write
|
||
|
18D7000
|
heap
|
page read and write
|
||
|
18F0000
|
heap
|
page read and write
|
||
|
18CB000
|
heap
|
page read and write
|
||
|
479D000
|
heap
|
page read and write
|
||
|
16D5000
|
heap
|
page read and write
|
||
|
477F000
|
heap
|
page read and write
|
||
|
477E000
|
heap
|
page read and write
|
||
|
1893000
|
heap
|
page read and write
|
||
|
188C000
|
heap
|
page read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
4850000
|
direct allocation
|
page read and write
|
||
|
18FB000
|
heap
|
page read and write
|
||
|
18C4000
|
heap
|
page read and write
|
||
|
1895000
|
heap
|
page read and write
|
||
|
1820000
|
heap
|
page read and write
|
||
|
18C9000
|
heap
|
page read and write
|
||
|
477C000
|
heap
|
page read and write
|
||
|
1913000
|
heap
|
page read and write
|
||
|
475D000
|
heap
|
page read and write
|
||
|
18DB000
|
heap
|
page read and write
|
||
|
602E000
|
stack
|
page read and write
|
||
|
18E0000
|
heap
|
page read and write
|
||
|
11DF000
|
unkown
|
page read and write
|
||
|
EAA000
|
stack
|
page read and write
|
There are 183 hidden memdumps, click here to show them.