Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
pYcFueZgOd.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\MSI7F84.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI814A.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIc886c.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\shi7EE7.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\Installer.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {C80C8DC4-7882-4425-A62B-5CA32EF1048D}, Number of Words: 0, Subject: SkimarUtils, Author: ConsolHQ
LTD, Name of Creating Application: SkimarUtils, Template: ;1033, Comments: This installer database contains the logic and
data required to install SkimarUtils., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages:
200
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\decoder.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\holder0.aiph
|
data
|
dropped
|
||
|
C:\Windows\Installer\6c83b9.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {C80C8DC4-7882-4425-A62B-5CA32EF1048D}, Number of Words: 0, Subject: SkimarUtils, Author: ConsolHQ
LTD, Name of Creating Application: SkimarUtils, Template: ;1033, Comments: This installer database contains the logic and
data required to install SkimarUtils., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages:
200
|
dropped
|
||
|
C:\Windows\Installer\MSI8743.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI87A2.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI87F1.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI8811.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 161E3B14046EDAE7687DCE0A2DE92319 C
|
 |
|
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\ConsolHQ LTD\SkimarUtils 1.12.3\install\52455D3\Installer.msi"
AI_SETUPEXEPATH=C:\Users\user\Desktop\pYcFueZgOd.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates /forcecleanup
/wintime 1731488858 " AI_EUIMSI=""
|
|
|
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 086D93F0B7AD81A713F30BD085B16B8B
|
|
|
|
C:\Users\user\Desktop\pYcFueZgOd.exe
|
"C:\Users\user\Desktop\pYcFueZgOd.exe"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
|
unknown
|
||
|
http://html4/loose.dtd
|
unknown
|
||
|
https://www.advancedinstaller.com
|
unknown
|
||
|
https://www.thawte.com/cps0/
|
unknown
|
||
|
http://.css
|
unknown
|
||
|
http://.jpg
|
unknown
|
||
|
https://www.thawte.com/repository0W
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1554000
|
heap
|
page read and write
|
||
|
15A4000
|
heap
|
page read and write
|
||
|
1575000
|
heap
|
page read and write
|
||
|
159F000
|
heap
|
page read and write
|
||
|
133B000
|
stack
|
page read and write
|
||
|
45EC000
|
heap
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
154B000
|
heap
|
page read and write
|
||
|
45EC000
|
heap
|
page read and write
|
||
|
14C3000
|
heap
|
page read and write
|
||
|
45EB000
|
heap
|
page read and write
|
||
|
45F4000
|
heap
|
page read and write
|
||
|
4616000
|
heap
|
page read and write
|
||
|
4606000
|
heap
|
page read and write
|
||
|
1579000
|
heap
|
page read and write
|
||
|
1591000
|
heap
|
page read and write
|
||
|
1588000
|
heap
|
page read and write
|
||
|
45CF000
|
heap
|
page read and write
|
||
|
3384000
|
heap
|
page read and write
|
||
|
4602000
|
heap
|
page read and write
|
||
|
4601000
|
heap
|
page read and write
|
||
|
153D000
|
heap
|
page read and write
|
||
|
3340000
|
heap
|
page read and write
|
||
|
1526000
|
heap
|
page read and write
|
||
|
1575000
|
heap
|
page read and write
|
||
|
1513000
|
heap
|
page read and write
|
||
|
45F7000
|
heap
|
page read and write
|
||
|
45E3000
|
heap
|
page read and write
|
||
|
6A90000
|
heap
|
page read and write
|
||
|
39CF000
|
stack
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
15A5000
|
heap
|
page read and write
|
||
|
45CF000
|
heap
|
page read and write
|
||
|
158B000
|
heap
|
page read and write
|
||
|
159F000
|
heap
|
page read and write
|
||
|
14FA000
|
heap
|
page read and write
|
||
|
1548000
|
heap
|
page read and write
|
||
|
15A7000
|
heap
|
page read and write
|
||
|
151B000
|
heap
|
page read and write
|
||
|
157A000
|
heap
|
page read and write
|
||
|
1535000
|
heap
|
page read and write
|
||
|
154B000
|
heap
|
page read and write
|
||
|
45C6000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
45C1000
|
heap
|
page read and write
|
||
|
157E000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
1546000
|
heap
|
page read and write
|
||
|
1529000
|
heap
|
page read and write
|
||
|
4616000
|
heap
|
page read and write
|
||
|
14FE000
|
heap
|
page read and write
|
||
|
156B000
|
heap
|
page read and write
|
||
|
151F000
|
heap
|
page read and write
|
||
|
45CC000
|
heap
|
page read and write
|
||
|
159F000
|
heap
|
page read and write
|
||
|
1594000
|
heap
|
page read and write
|
||
|
14B0000
|
heap
|
page read and write
|
||
|
3330000
|
heap
|
page read and write
|
||
|
14FE000
|
heap
|
page read and write
|
||
|
45F3000
|
heap
|
page read and write
|
||
|
EB8000
|
unkown
|
page readonly
|
||
|
14FE000
|
heap
|
page read and write
|
||
|
14C4000
|
heap
|
page read and write
|
||
|
1572000
|
heap
|
page read and write
|
||
|
1557000
|
heap
|
page read and write
|
||
|
3ACF000
|
stack
|
page read and write
|
||
|
45C8000
|
heap
|
page read and write
|
||
|
151C000
|
heap
|
page read and write
|
||
|
172E000
|
stack
|
page read and write
|
||
|
151B000
|
heap
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
45CB000
|
heap
|
page read and write
|
||
|
300E000
|
stack
|
page read and write
|
||
|
157B000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
159F000
|
heap
|
page read and write
|
||
|
1564000
|
heap
|
page read and write
|
||
|
46C0000
|
direct allocation
|
page read and write
|
||
|
157E000
|
heap
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
1599000
|
heap
|
page read and write
|
||
|
45EF000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
45E2000
|
heap
|
page read and write
|
||
|
F44000
|
unkown
|
page read and write
|
||
|
156B000
|
heap
|
page read and write
|
||
|
1556000
|
heap
|
page read and write
|
||
|
CA1000
|
unkown
|
page execute read
|
||
|
45FD000
|
heap
|
page read and write
|
||
|
45F3000
|
heap
|
page read and write
|
||
|
45C8000
|
heap
|
page read and write
|
||
|
45C3000
|
heap
|
page read and write
|
||
|
154A000
|
heap
|
page read and write
|
||
|
45C0000
|
heap
|
page read and write
|
||
|
153F000
|
heap
|
page read and write
|
||
|
F47000
|
unkown
|
page readonly
|
||
|
153F000
|
heap
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
45E0000
|
heap
|
page read and write
|
||
|
151F000
|
heap
|
page read and write
|
||
|
14DE000
|
heap
|
page read and write
|
||
|
45FA000
|
heap
|
page read and write
|
||
|
1563000
|
heap
|
page read and write
|
||
|
1555000
|
heap
|
page read and write
|
||
|
45CF000
|
heap
|
page read and write
|
||
|
1521000
|
heap
|
page read and write
|
||
|
4440000
|
direct allocation
|
page read and write
|
||
|
1239000
|
stack
|
page read and write
|
||
|
45E3000
|
heap
|
page read and write
|
||
|
45E0000
|
heap
|
page read and write
|
||
|
F3E000
|
unkown
|
page read and write
|
||
|
45CE000
|
heap
|
page read and write
|
||
|
159F000
|
heap
|
page read and write
|
||
|
45EF000
|
heap
|
page read and write
|
||
|
1565000
|
heap
|
page read and write
|
||
|
151B000
|
heap
|
page read and write
|
||
|
15AB000
|
heap
|
page read and write
|
||
|
15A3000
|
heap
|
page read and write
|
||
|
15ED000
|
stack
|
page read and write
|
||
|
153C000
|
heap
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
1521000
|
heap
|
page read and write
|
||
|
159A000
|
heap
|
page read and write
|
||
|
F42000
|
unkown
|
page write copy
|
||
|
62BF000
|
stack
|
page read and write
|
||
|
157E000
|
heap
|
page read and write
|
||
|
1534000
|
heap
|
page read and write
|
||
|
45E2000
|
heap
|
page read and write
|
||
|
45FE000
|
heap
|
page read and write
|
||
|
157A000
|
heap
|
page read and write
|
||
|
158C000
|
heap
|
page read and write
|
||
|
493E000
|
stack
|
page read and write
|
||
|
1577000
|
heap
|
page read and write
|
||
|
32EE000
|
stack
|
page read and write
|
||
|
CA0000
|
unkown
|
page readonly
|
||
|
310E000
|
stack
|
page read and write
|
||
|
4603000
|
heap
|
page read and write
|
||
|
151F000
|
heap
|
page read and write
|
||
|
1571000
|
heap
|
page read and write
|
||
|
457F000
|
stack
|
page read and write
|
||
|
155B000
|
heap
|
page read and write
|
||
|
45C9000
|
heap
|
page read and write
|
||
|
151F000
|
heap
|
page read and write
|
||
|
4616000
|
heap
|
page read and write
|
||
|
F47000
|
unkown
|
page readonly
|
||
|
38CE000
|
stack
|
page read and write
|
||
|
156B000
|
heap
|
page read and write
|
||
|
45E9000
|
heap
|
page read and write
|
||
|
157B000
|
heap
|
page read and write
|
||
|
F66000
|
unkown
|
page readonly
|
||
|
15A7000
|
heap
|
page read and write
|
||
|
14FA000
|
heap
|
page read and write
|
||
|
1370000
|
heap
|
page read and write
|
||
|
31B0000
|
heap
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
155F000
|
heap
|
page read and write
|
||
|
154D000
|
heap
|
page read and write
|
||
|
45F6000
|
heap
|
page read and write
|
||
|
15A7000
|
heap
|
page read and write
|
||
|
1375000
|
heap
|
page read and write
|
||
|
3C40000
|
trusted library allocation
|
page read and write
|
||
|
F43000
|
unkown
|
page write copy
|
||
|
4618000
|
heap
|
page read and write
|
||
|
1525000
|
heap
|
page read and write
|
||
|
F3E000
|
unkown
|
page write copy
|
||
|
155D000
|
heap
|
page read and write
|
||
|
1566000
|
heap
|
page read and write
|
||
|
157E000
|
heap
|
page read and write
|
||
|
45DB000
|
heap
|
page read and write
|
||
|
15A8000
|
heap
|
page read and write
|
||
|
1595000
|
heap
|
page read and write
|
||
|
45D8000
|
heap
|
page read and write
|
||
|
15A3000
|
heap
|
page read and write
|
||
|
1563000
|
heap
|
page read and write
|
||
|
45FA000
|
heap
|
page read and write
|
||
|
157E000
|
heap
|
page read and write
|
||
|
5BA6000
|
heap
|
page read and write
|
||
|
45C8000
|
heap
|
page read and write
|
||
|
156D000
|
heap
|
page read and write
|
||
|
1521000
|
heap
|
page read and write
|
||
|
1513000
|
heap
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
1584000
|
heap
|
page read and write
|
||
|
182E000
|
stack
|
page read and write
|
||
|
14FA000
|
heap
|
page read and write
|
||
|
1557000
|
heap
|
page read and write
|
||
|
45FD000
|
heap
|
page read and write
|
||
|
15A3000
|
heap
|
page read and write
|
||
|
4440000
|
direct allocation
|
page read and write
|
||
|
155F000
|
heap
|
page read and write
|
||
|
1562000
|
heap
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
1519000
|
heap
|
page read and write
|
||
|
1562000
|
heap
|
page read and write
|
||
|
15A3000
|
heap
|
page read and write
|
||
|
45F0000
|
heap
|
page read and write
|
||
|
45D1000
|
heap
|
page read and write
|
||
|
1553000
|
heap
|
page read and write
|
||
|
CA0000
|
unkown
|
page readonly
|
||
|
332E000
|
stack
|
page read and write
|
||
|
14DC000
|
heap
|
page read and write
|
||
|
16EE000
|
stack
|
page read and write
|
||
|
159A000
|
heap
|
page read and write
|
||
|
15A3000
|
heap
|
page read and write
|
||
|
1560000
|
heap
|
page read and write
|
||
|
1571000
|
heap
|
page read and write
|
||
|
156C000
|
heap
|
page read and write
|
||
|
31BB000
|
heap
|
page read and write
|
||
|
31B5000
|
heap
|
page read and write
|
||
|
1567000
|
heap
|
page read and write
|
||
|
447E000
|
stack
|
page read and write
|
||
|
F66000
|
unkown
|
page readonly
|
||
|
EB8000
|
unkown
|
page readonly
|
||
|
1534000
|
heap
|
page read and write
|
||
|
45F2000
|
heap
|
page read and write
|
||
|
1513000
|
heap
|
page read and write
|
||
|
CA1000
|
unkown
|
page execute read
|
||
|
4816000
|
direct allocation
|
page read and write
|
There are 209 hidden memdumps, click here to show them.