Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
w4Xl662CE7.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\MSI93F.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIAD7.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIb1285.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\shi8B2.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ConsolHQ LTD\ConsoleHQ 1.12.3\install\52455D3\Installer.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {84D7A21E-4D81-4C2F-85D0-A76E4089EC98}, Number of Words: 0, Subject: ConsoleHQ, Author: ConsolHQ LTD,
Name of Creating Application: ConsoleHQ, Template: ;1033, Comments: This installer database contains the logic and data required
to install ConsoleHQ., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ConsolHQ LTD\ConsoleHQ 1.12.3\install\decoder.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ConsolHQ LTD\ConsoleHQ 1.12.3\install\holder0.aiph
|
data
|
dropped
|
||
|
C:\Windows\Installer\6b0e6e.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {84D7A21E-4D81-4C2F-85D0-A76E4089EC98}, Number of Words: 0, Subject: ConsoleHQ, Author: ConsolHQ LTD,
Name of Creating Application: ConsoleHQ, Template: ;1033, Comments: This installer database contains the logic and data required
to install ConsoleHQ., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
|
dropped
|
||
|
C:\Windows\Installer\MSI115C.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI11CB.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI122A.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI1259.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\w4Xl662CE7.exe
|
"C:\Users\user\Desktop\w4Xl662CE7.exe"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding F4295AFC544D7720538B75B4E254EF96 C
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\ConsolHQ LTD\ConsoleHQ 1.12.3\install\52455D3\Installer.msi"
AI_SETUPEXEPATH=C:\Users\user\Desktop\w4Xl662CE7.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup
/wintime 1731488867 " AI_EUIMSI=""
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding FCF7C67D7B0D5412E5FD6BA69DD16D34
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
|
unknown
|
||
|
http://html4/loose.dtd
|
unknown
|
||
|
https://www.advancedinstaller.com
|
unknown
|
||
|
https://www.thawte.com/cps0/
|
unknown
|
||
|
http://.css
|
unknown
|
||
|
http://.jpg
|
unknown
|
||
|
https://www.thawte.com/repository0W
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
164A000
|
heap
|
page read and write
|
||
|
1687000
|
heap
|
page read and write
|
||
|
16B3000
|
heap
|
page read and write
|
||
|
EA0000
|
unkown
|
page readonly
|
||
|
16F7000
|
heap
|
page read and write
|
||
|
1147000
|
unkown
|
page readonly
|
||
|
EA0000
|
unkown
|
page readonly
|
||
|
1702000
|
heap
|
page read and write
|
||
|
16A3000
|
heap
|
page read and write
|
||
|
3A0E000
|
stack
|
page read and write
|
||
|
45A3000
|
heap
|
page read and write
|
||
|
1166000
|
unkown
|
page readonly
|
||
|
16D2000
|
heap
|
page read and write
|
||
|
172C000
|
heap
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
1683000
|
heap
|
page read and write
|
||
|
48FE000
|
stack
|
page read and write
|
||
|
1166000
|
unkown
|
page readonly
|
||
|
3264000
|
heap
|
page read and write
|
||
|
16F8000
|
heap
|
page read and write
|
||
|
16DE000
|
heap
|
page read and write
|
||
|
1705000
|
heap
|
page read and write
|
||
|
31AE000
|
stack
|
page read and write
|
||
|
16E3000
|
heap
|
page read and write
|
||
|
169F000
|
heap
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
16A3000
|
heap
|
page read and write
|
||
|
170F000
|
heap
|
page read and write
|
||
|
16CB000
|
heap
|
page read and write
|
||
|
4680000
|
direct allocation
|
page read and write
|
||
|
16AF000
|
heap
|
page read and write
|
||
|
173A000
|
heap
|
page read and write
|
||
|
10B8000
|
unkown
|
page readonly
|
||
|
1724000
|
heap
|
page read and write
|
||
|
16D5000
|
heap
|
page read and write
|
||
|
16C3000
|
heap
|
page read and write
|
||
|
1729000
|
heap
|
page read and write
|
||
|
170C000
|
heap
|
page read and write
|
||
|
4580000
|
heap
|
page read and write
|
||
|
170B000
|
heap
|
page read and write
|
||
|
45C5000
|
heap
|
page read and write
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
1726000
|
heap
|
page read and write
|
||
|
1709000
|
heap
|
page read and write
|
||
|
1143000
|
unkown
|
page write copy
|
||
|
459E000
|
heap
|
page read and write
|
||
|
1718000
|
heap
|
page read and write
|
||
|
1687000
|
heap
|
page read and write
|
||
|
166E000
|
heap
|
page read and write
|
||
|
5B60000
|
direct allocation
|
page read and write
|
||
|
16EB000
|
heap
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
1732000
|
heap
|
page read and write
|
||
|
113E000
|
unkown
|
page write copy
|
||
|
16F2000
|
heap
|
page read and write
|
||
|
3250000
|
heap
|
page read and write
|
||
|
168B000
|
heap
|
page read and write
|
||
|
16E6000
|
heap
|
page read and write
|
||
|
16A9000
|
heap
|
page read and write
|
||
|
EA1000
|
unkown
|
page execute read
|
||
|
169E000
|
heap
|
page read and write
|
||
|
15C5000
|
heap
|
page read and write
|
||
|
16C2000
|
heap
|
page read and write
|
||
|
4581000
|
heap
|
page read and write
|
||
|
16B6000
|
heap
|
page read and write
|
||
|
16C2000
|
heap
|
page read and write
|
||
|
458C000
|
heap
|
page read and write
|
||
|
4589000
|
heap
|
page read and write
|
||
|
166E000
|
heap
|
page read and write
|
||
|
4588000
|
heap
|
page read and write
|
||
|
1675000
|
heap
|
page read and write
|
||
|
1738000
|
heap
|
page read and write
|
||
|
16E2000
|
heap
|
page read and write
|
||
|
EA1000
|
unkown
|
page execute read
|
||
|
16C2000
|
heap
|
page read and write
|
||
|
16CC000
|
heap
|
page read and write
|
||
|
45B5000
|
heap
|
page read and write
|
||
|
45A8000
|
heap
|
page read and write
|
||
|
E80000
|
heap
|
page read and write
|
||
|
1713000
|
heap
|
page read and write
|
||
|
170A000
|
heap
|
page read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
168B000
|
heap
|
page read and write
|
||
|
45C7000
|
heap
|
page read and write
|
||
|
16A3000
|
heap
|
page read and write
|
||
|
16DB000
|
heap
|
page read and write
|
||
|
16C7000
|
heap
|
page read and write
|
||
|
E90000
|
heap
|
page read and write
|
||
|
16AE000
|
heap
|
page read and write
|
||
|
168B000
|
heap
|
page read and write
|
||
|
16F6000
|
heap
|
page read and write
|
||
|
4599000
|
heap
|
page read and write
|
||
|
16A3000
|
heap
|
page read and write
|
||
|
10B8000
|
unkown
|
page readonly
|
||
|
16ED000
|
heap
|
page read and write
|
||
|
1717000
|
heap
|
page read and write
|
||
|
4400000
|
direct allocation
|
page read and write
|
||
|
1703000
|
heap
|
page read and write
|
||
|
1710000
|
heap
|
page read and write
|
||
|
16AF000
|
heap
|
page read and write
|
||
|
32C5000
|
heap
|
page read and write
|
||
|
1676000
|
heap
|
page read and write
|
||
|
16B4000
|
heap
|
page read and write
|
||
|
458A000
|
heap
|
page read and write
|
||
|
16EA000
|
heap
|
page read and write
|
||
|
4591000
|
heap
|
page read and write
|
||
|
16D0000
|
heap
|
page read and write
|
||
|
330E000
|
stack
|
page read and write
|
||
|
171F000
|
heap
|
page read and write
|
||
|
1730000
|
heap
|
page read and write
|
||
|
16D2000
|
heap
|
page read and write
|
||
|
166B000
|
heap
|
page read and write
|
||
|
16C2000
|
heap
|
page read and write
|
||
|
14FB000
|
stack
|
page read and write
|
||
|
453F000
|
stack
|
page read and write
|
||
|
16EB000
|
heap
|
page read and write
|
||
|
169E000
|
heap
|
page read and write
|
||
|
16AF000
|
heap
|
page read and write
|
||
|
16A3000
|
heap
|
page read and write
|
||
|
4596000
|
heap
|
page read and write
|
||
|
16A3000
|
heap
|
page read and write
|
||
|
16AF000
|
heap
|
page read and write
|
||
|
627F000
|
stack
|
page read and write
|
||
|
1142000
|
unkown
|
page write copy
|
||
|
45C5000
|
heap
|
page read and write
|
||
|
45B2000
|
heap
|
page read and write
|
||
|
45C5000
|
heap
|
page read and write
|
||
|
1702000
|
heap
|
page read and write
|
||
|
45C6000
|
heap
|
page read and write
|
||
|
1640000
|
heap
|
page read and write
|
||
|
16A3000
|
heap
|
page read and write
|
||
|
16E4000
|
heap
|
page read and write
|
||
|
45B5000
|
heap
|
page read and write
|
||
|
16FE000
|
heap
|
page read and write
|
||
|
4596000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
1738000
|
heap
|
page read and write
|
||
|
16BB000
|
heap
|
page read and write
|
||
|
16FA000
|
heap
|
page read and write
|
||
|
16FE000
|
heap
|
page read and write
|
||
|
458E000
|
heap
|
page read and write
|
||
|
153E000
|
stack
|
page read and write
|
||
|
47C0000
|
heap
|
page read and write
|
||
|
16EB000
|
heap
|
page read and write
|
||
|
45A5000
|
heap
|
page read and write
|
||
|
16F4000
|
heap
|
page read and write
|
||
|
11EE000
|
stack
|
page read and write
|
||
|
45AF000
|
heap
|
page read and write
|
||
|
16DF000
|
heap
|
page read and write
|
||
|
169E000
|
heap
|
page read and write
|
||
|
16B2000
|
heap
|
page read and write
|
||
|
16DB000
|
heap
|
page read and write
|
||
|
169E000
|
heap
|
page read and write
|
||
|
16D6000
|
heap
|
page read and write
|
||
|
45A5000
|
heap
|
page read and write
|
||
|
32CB000
|
heap
|
page read and write
|
||
|
169E000
|
heap
|
page read and write
|
||
|
31ED000
|
stack
|
page read and write
|
||
|
1147000
|
unkown
|
page readonly
|
||
|
3B0F000
|
stack
|
page read and write
|
||
|
16AE000
|
heap
|
page read and write
|
||
|
16E7000
|
heap
|
page read and write
|
||
|
16AF000
|
heap
|
page read and write
|
||
|
1702000
|
heap
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
1729000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
45A3000
|
heap
|
page read and write
|
||
|
190F000
|
stack
|
page read and write
|
||
|
16D5000
|
heap
|
page read and write
|
||
|
1721000
|
heap
|
page read and write
|
||
|
1706000
|
heap
|
page read and write
|
||
|
4597000
|
heap
|
page read and write
|
||
|
16E5000
|
heap
|
page read and write
|
||
|
3C00000
|
trusted library allocation
|
page read and write
|
||
|
47D6000
|
direct allocation
|
page read and write
|
||
|
16C6000
|
heap
|
page read and write
|
||
|
45A0000
|
heap
|
page read and write
|
||
|
16A3000
|
heap
|
page read and write
|
||
|
4581000
|
heap
|
page read and write
|
||
|
1144000
|
unkown
|
page read and write
|
||
|
16DA000
|
heap
|
page read and write
|
||
|
443D000
|
stack
|
page read and write
|
||
|
5E1E000
|
stack
|
page read and write
|
||
|
16AF000
|
heap
|
page read and write
|
||
|
16CE000
|
heap
|
page read and write
|
||
|
1687000
|
heap
|
page read and write
|
||
|
6A30000
|
heap
|
page read and write
|
||
|
390E000
|
stack
|
page read and write
|
||
|
32AE000
|
stack
|
page read and write
|
||
|
16DF000
|
heap
|
page read and write
|
||
|
16EC000
|
heap
|
page read and write
|
||
|
4594000
|
heap
|
page read and write
|
||
|
16E6000
|
heap
|
page read and write
|
||
|
1734000
|
heap
|
page read and write
|
||
|
1708000
|
heap
|
page read and write
|
||
|
16F3000
|
heap
|
page read and write
|
||
|
113E000
|
unkown
|
page read and write
|
||
|
E1A000
|
stack
|
page read and write
|
||
|
5F1D000
|
stack
|
page read and write
|
||
|
16B8000
|
heap
|
page read and write
|
||
|
1728000
|
heap
|
page read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
45B4000
|
heap
|
page read and write
|
||
|
5B62000
|
heap
|
page read and write
|
||
|
1700000
|
heap
|
page read and write
|
||
|
1718000
|
heap
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
172E000
|
heap
|
page read and write
|
||
|
45A1000
|
heap
|
page read and write
|
||
|
1714000
|
heap
|
page read and write
|
There are 203 hidden memdumps, click here to show them.