Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
zc4BfiuQaY.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\MSI1715d.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI68D3.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI6A3B.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\shi6806.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ConsolHQ LTD\ConsoleHQ 1.12.3\install\52455D3\Installer.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {88E218DA-F45F-4046-803C-53E19845AEBD}, Number of Words: 0, Subject: ConsoleHQ, Author: ConsolHQ LTD,
Name of Creating Application: ConsoleHQ, Template: ;1033, Comments: This installer database contains the logic and data required
to install ConsoleHQ., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ConsolHQ LTD\ConsoleHQ 1.12.3\install\decoder.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ConsolHQ LTD\ConsoleHQ 1.12.3\install\holder0.aiph
|
data
|
dropped
|
||
|
C:\Windows\Installer\516c7b.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {88E218DA-F45F-4046-803C-53E19845AEBD}, Number of Words: 0, Subject: ConsoleHQ, Author: ConsolHQ LTD,
Name of Creating Application: ConsoleHQ, Template: ;1033, Comments: This installer database contains the logic and data required
to install ConsoleHQ., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
|
dropped
|
||
|
C:\Windows\Installer\MSI7015.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI70C2.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI7101.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI7122.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 55E60B238A8A3DD32D3B86B94F88D00E C
|
 |
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\ConsolHQ LTD\ConsoleHQ 1.12.3\install\52455D3\Installer.msi"
AI_SETUPEXEPATH=C:\Users\user\Desktop\zc4BfiuQaY.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup
/wintime 1731488861 " AI_EUIMSI=""
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding DB9E10EE80EF0F3ED2D34BAE27880B07
|
|
|
|
C:\Users\user\Desktop\zc4BfiuQaY.exe
|
"C:\Users\user\Desktop\zc4BfiuQaY.exe"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
|
unknown
|
||
|
http://html4/loose.dtd
|
unknown
|
||
|
https://www.advancedinstaller.com
|
unknown
|
||
|
https://www.thawte.com/cps0/
|
unknown
|
||
|
http://.css
|
unknown
|
||
|
http://.jpg
|
unknown
|
||
|
https://www.thawte.com/repository0W
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1470000
|
heap
|
page read and write
|
||
|
1497000
|
heap
|
page read and write
|
||
|
1437000
|
heap
|
page read and write
|
||
|
1454000
|
heap
|
page read and write
|
||
|
14A3000
|
heap
|
page read and write
|
||
|
145A000
|
heap
|
page read and write
|
||
|
42FB000
|
heap
|
page read and write
|
||
|
14B5000
|
heap
|
page read and write
|
||
|
146A000
|
heap
|
page read and write
|
||
|
464E000
|
stack
|
page read and write
|
||
|
4526000
|
direct allocation
|
page read and write
|
||
|
361D000
|
stack
|
page read and write
|
||
|
1409000
|
heap
|
page read and write
|
||
|
13EE000
|
heap
|
page read and write
|
||
|
1455000
|
heap
|
page read and write
|
||
|
42D5000
|
heap
|
page read and write
|
||
|
147B000
|
heap
|
page read and write
|
||
|
431F000
|
heap
|
page read and write
|
||
|
4140000
|
direct allocation
|
page read and write
|
||
|
144C000
|
heap
|
page read and write
|
||
|
1409000
|
heap
|
page read and write
|
||
|
3020000
|
heap
|
page read and write
|
||
|
1472000
|
heap
|
page read and write
|
||
|
148C000
|
heap
|
page read and write
|
||
|
43D0000
|
direct allocation
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
E21000
|
unkown
|
page execute read
|
||
|
42D0000
|
heap
|
page read and write
|
||
|
1492000
|
heap
|
page read and write
|
||
|
31CE000
|
stack
|
page read and write
|
||
|
15BE000
|
stack
|
page read and write
|
||
|
144D000
|
heap
|
page read and write
|
||
|
66B0000
|
heap
|
page read and write
|
||
|
146B000
|
heap
|
page read and write
|
||
|
1488000
|
heap
|
page read and write
|
||
|
10BE000
|
unkown
|
page read and write
|
||
|
145D000
|
heap
|
page read and write
|
||
|
14B2000
|
heap
|
page read and write
|
||
|
143C000
|
heap
|
page read and write
|
||
|
42E8000
|
heap
|
page read and write
|
||
|
14B7000
|
heap
|
page read and write
|
||
|
58CE000
|
heap
|
page read and write
|
||
|
3025000
|
heap
|
page read and write
|
||
|
42F1000
|
heap
|
page read and write
|
||
|
1444000
|
heap
|
page read and write
|
||
|
13E4000
|
heap
|
page read and write
|
||
|
1437000
|
heap
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
1489000
|
heap
|
page read and write
|
||
|
36AE000
|
stack
|
page read and write
|
||
|
431F000
|
heap
|
page read and write
|
||
|
1290000
|
heap
|
page read and write
|
||
|
14A3000
|
heap
|
page read and write
|
||
|
1443000
|
heap
|
page read and write
|
||
|
1448000
|
heap
|
page read and write
|
||
|
146D000
|
heap
|
page read and write
|
||
|
142F000
|
heap
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
38A0000
|
heap
|
page read and write
|
||
|
2ED4000
|
heap
|
page read and write
|
||
|
318E000
|
stack
|
page read and write
|
||
|
4303000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
42D6000
|
heap
|
page read and write
|
||
|
14BC000
|
heap
|
page read and write
|
||
|
37AF000
|
stack
|
page read and write
|
||
|
13EB000
|
heap
|
page read and write
|
||
|
1444000
|
heap
|
page read and write
|
||
|
14B2000
|
heap
|
page read and write
|
||
|
13EE000
|
heap
|
page read and write
|
||
|
1477000
|
heap
|
page read and write
|
||
|
10E6000
|
unkown
|
page readonly
|
||
|
13D3000
|
heap
|
page read and write
|
||
|
10C7000
|
unkown
|
page readonly
|
||
|
1436000
|
heap
|
page read and write
|
||
|
146E000
|
heap
|
page read and write
|
||
|
144B000
|
heap
|
page read and write
|
||
|
122B000
|
stack
|
page read and write
|
||
|
14BA000
|
heap
|
page read and write
|
||
|
42D4000
|
heap
|
page read and write
|
||
|
3930000
|
trusted library allocation
|
page read and write
|
||
|
1432000
|
heap
|
page read and write
|
||
|
148D000
|
heap
|
page read and write
|
||
|
14A2000
|
heap
|
page read and write
|
||
|
146E000
|
heap
|
page read and write
|
||
|
147E000
|
heap
|
page read and write
|
||
|
42F5000
|
heap
|
page read and write
|
||
|
5FDF000
|
stack
|
page read and write
|
||
|
1474000
|
heap
|
page read and write
|
||
|
140D000
|
heap
|
page read and write
|
||
|
42FF000
|
heap
|
page read and write
|
||
|
14BC000
|
heap
|
page read and write
|
||
|
16BF000
|
stack
|
page read and write
|
||
|
3030000
|
heap
|
page read and write
|
||
|
431F000
|
heap
|
page read and write
|
||
|
B89000
|
stack
|
page read and write
|
||
|
14B9000
|
heap
|
page read and write
|
||
|
14A5000
|
heap
|
page read and write
|
||
|
1443000
|
heap
|
page read and write
|
||
|
426F000
|
stack
|
page read and write
|
||
|
1497000
|
heap
|
page read and write
|
||
|
42F5000
|
heap
|
page read and write
|
||
|
10C3000
|
unkown
|
page write copy
|
||
|
1443000
|
heap
|
page read and write
|
||
|
42F1000
|
heap
|
page read and write
|
||
|
1038000
|
unkown
|
page readonly
|
||
|
14B6000
|
heap
|
page read and write
|
||
|
147C000
|
heap
|
page read and write
|
||
|
10BE000
|
unkown
|
page write copy
|
||
|
42ED000
|
heap
|
page read and write
|
||
|
42FB000
|
heap
|
page read and write
|
||
|
13AE000
|
stack
|
page read and write
|
||
|
42F0000
|
heap
|
page read and write
|
||
|
302B000
|
heap
|
page read and write
|
||
|
13D4000
|
heap
|
page read and write
|
||
|
1438000
|
heap
|
page read and write
|
||
|
144B000
|
heap
|
page read and write
|
||
|
10C4000
|
unkown
|
page read and write
|
||
|
147D000
|
heap
|
page read and write
|
||
|
1434000
|
heap
|
page read and write
|
||
|
1038000
|
unkown
|
page readonly
|
||
|
10C7000
|
unkown
|
page readonly
|
||
|
31D0000
|
heap
|
page read and write
|
||
|
42E0000
|
heap
|
page read and write
|
||
|
10C2000
|
unkown
|
page write copy
|
||
|
144D000
|
heap
|
page read and write
|
||
|
1477000
|
heap
|
page read and write
|
||
|
142F000
|
heap
|
page read and write
|
||
|
142A000
|
heap
|
page read and write
|
||
|
1479000
|
heap
|
page read and write
|
||
|
E21000
|
unkown
|
page execute read
|
||
|
14B7000
|
heap
|
page read and write
|
||
|
145E000
|
heap
|
page read and write
|
||
|
1454000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page read and write
|
||
|
1495000
|
heap
|
page read and write
|
||
|
416E000
|
stack
|
page read and write
|
||
|
42EB000
|
heap
|
page read and write
|
||
|
42E1000
|
heap
|
page read and write
|
||
|
42E4000
|
heap
|
page read and write
|
||
|
4510000
|
heap
|
page read and write
|
||
|
1456000
|
heap
|
page read and write
|
||
|
42F1000
|
heap
|
page read and write
|
||
|
1492000
|
heap
|
page read and write
|
||
|
42FD000
|
heap
|
page read and write
|
||
|
308E000
|
stack
|
page read and write
|
||
|
431F000
|
heap
|
page read and write
|
||
|
42E8000
|
heap
|
page read and write
|
||
|
42F6000
|
heap
|
page read and write
|
||
|
1464000
|
heap
|
page read and write
|
||
|
42F4000
|
heap
|
page read and write
|
||
|
146E000
|
heap
|
page read and write
|
||
|
144F000
|
heap
|
page read and write
|
||
|
1485000
|
heap
|
page read and write
|
||
|
146E000
|
heap
|
page read and write
|
||
|
147A000
|
heap
|
page read and write
|
||
|
1451000
|
heap
|
page read and write
|
||
|
E20000
|
unkown
|
page readonly
|
||
|
4140000
|
direct allocation
|
page read and write
|
||
|
4321000
|
heap
|
page read and write
|
||
|
13E3000
|
heap
|
page read and write
|
||
|
430A000
|
heap
|
page read and write
|
||
|
1433000
|
heap
|
page read and write
|
||
|
431F000
|
heap
|
page read and write
|
||
|
42F5000
|
heap
|
page read and write
|
||
|
140D000
|
heap
|
page read and write
|
||
|
1431000
|
heap
|
page read and write
|
||
|
42E7000
|
heap
|
page read and write
|
||
|
1465000
|
heap
|
page read and write
|
||
|
42E2000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
431F000
|
heap
|
page read and write
|
||
|
146A000
|
heap
|
page read and write
|
||
|
42E0000
|
heap
|
page read and write
|
||
|
14B2000
|
heap
|
page read and write
|
||
|
14A7000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
E20000
|
unkown
|
page readonly
|
||
|
1454000
|
heap
|
page read and write
|
||
|
140D000
|
heap
|
page read and write
|
||
|
2E70000
|
heap
|
page read and write
|
||
|
42D1000
|
heap
|
page read and write
|
||
|
1461000
|
heap
|
page read and write
|
||
|
148B000
|
heap
|
page read and write
|
||
|
1478000
|
heap
|
page read and write
|
||
|
126E000
|
stack
|
page read and write
|
||
|
13CA000
|
heap
|
page read and write
|
||
|
1443000
|
heap
|
page read and write
|
||
|
4305000
|
heap
|
page read and write
|
||
|
42F2000
|
heap
|
page read and write
|
||
|
42D8000
|
heap
|
page read and write
|
||
|
10E6000
|
unkown
|
page readonly
|
There are 182 hidden memdumps, click here to show them.