Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| yDoZVwXSMG.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample | |
| C:\Users\user\AppData\Local\Temp\nslC943.tmp\BrandingURL.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nslC943.tmp\FindProcDLL.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nslC943.tmp\InstallOptions.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nslC943.tmp\LangDLL.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nslC943.tmp\LogEx.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\nslC943.tmp\ioSpecial.ini | Generic INItialization configuration [Field 1] | dropped | |
| C:\Users\user\AppData\Local\Temp\nslC943.tmp\modern-wizard.bmp | PC bitmap, Windows 3.x format, 245 x 468 x 24, image size 344448, resolution 3779 x 3779 px/m, cbSize 344502, bits offset 54 | dropped | |
| C:\Users\user\AppData\Local\Temp\nsqC8C5.tmp | data | dropped | |
| C:\Users\user\AppData\Local\Temp\nsvC710.tmp | data | dropped | |
| C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | dropped | |
| C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe:Zone.Identifier | ASCII text, with CRLF line terminators | modified | |
(2 further file entries are not shown in this extract.)
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\yDoZVwXSMG.exe | "C:\Users\user\Desktop\yDoZVwXSMG.exe" | |
| C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe | "C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe" _?=C:\Users\user\Desktop\ | |
URLs

| Name | IP | Malicious |
|---|---|---|
| https://www.gegridsolutions.com/multilin/200Set | unknown | |
| http://nsis.sf.net/NSIS_Error | unknown | |
| http://nsis.sf.net/NSIS_ErrorError | unknown | |
| https://www.gegridsolutions.com/multilin/ | unknown | |
Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager | PendingFileRenameOperations | |
| HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager | PendingFileRenameOperations | |
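Read together, the file, process and registry rows above are the ordinary NSIS installer/uninstaller lifecycle rather than behaviour specific to this sample: the stub creates its plug-in directory as %TEMP%\ns<letter><4 hex>.tmp and extracts the plug-in DLLs and UI resources there, the uninstaller copies itself to %TEMP%\~nsu<letter>.tmp\Au_.exe and relaunches that copy with `_?=<install dir>` so the copy knows where $INSTDIR is, the copy inherits a Zone.Identifier stream (Mark of the Web), and the two PendingFileRenameOperations writes are consistent with the uninstaller scheduling delete-on-reboot of its temporary copy. The two nsis.sf.net URLs are the link in the "installer integrity check has failed" message every NSIS stub carries, not a network contact observed here. What a triage analyst wants at this point is a way to decode the two artifacts the report names but does not expand (the Zone.Identifier stream and the REG_MULTI_SZ rename list) and to map each dropped path and command line onto that lifecycle. The following Python is an added example written for this page; it is not code from the report, from NSIS, or from the installer analysed. The path conventions it encodes are documented NSIS stub behaviour, the two file/registry formats are standard Windows ones, and every sample input at the bottom is constructed (the report gives the stream and the registry value by name only, so their contents are invented to match the listed paths).

```python
"""Triage helpers for the NSIS artifacts this report lists (added example).

Not part of the sandbox report, of NSIS, or of the installer analysed here.
The path and command-line conventions below are documented NSIS stub
behaviour; the Zone.Identifier and PendingFileRenameOperations formats are
standard Windows ones. All sample inputs at the bottom are constructed for
this example.
"""
import configparser
import re

ZONE_NAMES = {0: "LocalMachine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}

# $PLUGINSDIR: %TEMP%\ns<letter><4 hex>.tmp\ holds plug-in DLLs the installer
# extracts and loads into its own process, plus UI resources (ini, bmp).
PLUGINS_DIR_RE = re.compile(r"\\ns[a-z][0-9a-f]{4}\.tmp\\([^\\]+)$", re.IGNORECASE)
# Scratch files the stub writes directly under %TEMP% with the same naming scheme.
TEMP_FILE_RE = re.compile(r"\\ns[a-z][0-9a-f]{4}\.tmp$", re.IGNORECASE)
# The uninstaller copies itself to %TEMP%\~nsu<letter>.tmp\Au_.exe and relaunches
# that copy with _?=<install dir>, so the original uninstaller file can be removed.
UNINST_COPY_RE = re.compile(r"\\~nsu[a-z]\.tmp\\Au_\.exe(:Zone\.Identifier)?$", re.IGNORECASE)
INSTDIR_ARG_RE = re.compile(r"\s_\?=(.+?)\s*$")


def classify_path(path):
    """Map a dropped/modified file path to the NSIS lifecycle step it belongs to."""
    m = UNINST_COPY_RE.search(path)
    if m:
        # The ":Zone.Identifier" stream is the Mark of the Web on the temp copy.
        return "nsis-uninstaller-copy-motw" if m.group(1) else "nsis-uninstaller-copy"
    m = PLUGINS_DIR_RE.search(path)
    if m:
        return "nsis-plugin" if m.group(1).lower().endswith(".dll") else "nsis-pluginsdir-file"
    if TEMP_FILE_RE.search(path):
        return "nsis-temp-file"
    return "other"


def instdir_from_cmdline(cmdline):
    """Return the directory passed via _?= to a relaunched NSIS uninstaller, if any."""
    m = INSTDIR_ARG_RE.search(cmdline)
    return m.group(1) if m else None


def parse_zone_identifier(stream_text):
    """Parse a Zone.Identifier alternate data stream ([ZoneTransfer] INI text)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(stream_text)
    if not cp.has_section("ZoneTransfer"):
        return None
    sec = cp["ZoneTransfer"]
    zone = int(sec.get("ZoneId", "-1"))
    return {"zone_id": zone, "zone": ZONE_NAMES.get(zone, "Unknown"),
            "referrer": sec.get("ReferrerUrl"), "host": sec.get("HostUrl")}


def parse_pending_renames(multi_sz):
    """Decode PendingFileRenameOperations (REG_MULTI_SZ given as a list of strings).

    Entries come in (source, destination) pairs using NT \\??\\ paths. An empty
    destination means delete at next boot; a leading '!' means replace existing.
    """
    items = list(multi_sz)
    if len(items) % 2:  # some exporters drop a trailing empty destination
        items.append("")

    def nt_strip(p):
        return p[4:] if p.startswith("\\??\\") else p

    ops = []
    for src, dst in zip(items[0::2], items[1::2]):
        if not dst:
            ops.append((nt_strip(src), None, "delete"))
        elif dst.startswith("!"):
            ops.append((nt_strip(src), nt_strip(dst[1:]), "replace"))
        else:
            ops.append((nt_strip(src), nt_strip(dst), "rename"))
    return ops


# --- constructed sample inputs, modelled on the paths listed in the report ---
SAMPLE_PATHS = [
    r"C:\Users\user\AppData\Local\Temp\nslC943.tmp\LogEx.dll",
    r"C:\Users\user\AppData\Local\Temp\nslC943.tmp\modern-wizard.bmp",
    r"C:\Users\user\AppData\Local\Temp\nsqC8C5.tmp",
    r"C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe",
    r"C:\Users\user\AppData\Local\Temp\~nsuA.tmp\Au_.exe:Zone.Identifier",
]
SAMPLE_CMDLINE = '"C:\\Users\\user\\AppData\\Local\\Temp\\~nsuA.tmp\\Au_.exe" _?=C:\\Users\\user\\Desktop\\'
# Stream contents are invented; the report lists only the stream name.
SAMPLE_ZONE = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://www.gegridsolutions.com/multilin/200Set\r\n"
# Value data is invented; the report lists only the value name.
SAMPLE_PENDING = [
    "\\??\\C:\\Users\\user\\AppData\\Local\\Temp\\~nsuA.tmp\\Au_.exe", "",
    "\\??\\C:\\Users\\user\\AppData\\Local\\Temp\\~nsuA.tmp", "",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{classify_path(p):28} {p}")
    print("uninstaller $INSTDIR:", instdir_from_cmdline(SAMPLE_CMDLINE))
    print("MotW:", parse_zone_identifier(SAMPLE_ZONE))
    for op in parse_pending_renames(SAMPLE_PENDING):
        print("pending:", op)
```

On a live host the same functions apply to real data: read the stream with `open(path + ":Zone.Identifier")` on Windows, and read the REG_MULTI_SZ with `winreg.QueryValueEx`, which already returns the list of strings the parser expects. A ZoneId of 3 on the uninstaller copy only says the original file was downloaded from the Internet zone; it is the plug-in DLLs loaded into the installer process, not the stock NSIS files, that deserve hashing against known-good copies.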
Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 3A18000 | unknown | page readonly | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A10000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A10000 | unknown | page readonly | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A10000 | trusted library allocation | page read and write | |
| 19A000 | stack | page read and write | |
| 436000 | unknown | page readonly | |
| 545000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 604000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 25EE000 | stack | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 26EF000 | stack | page read and write | |
| 5D0000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 4BE000 | stack | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 606000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 2828000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 27C0000 | heap | page read and write | |
| 408000 | unknown | page readonly | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A81000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 20FE000 | stack | page read and write | |
| 57E000 | heap | page read and write | |
| 2120000 | heap | page read and write | |
| 57A000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A80000 | heap | page read and write | |
| 20E0000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 39F1000 | unknown | page execute read | |
| 436000 | unknown | page readonly | |
| 401000 | unknown | page execute read | |
| 436000 | unknown | page readonly | |
| 408000 | unknown | page readonly | |
| 3A20000 | trusted library allocation | page read and write | |
| 3BB4000 | heap | page read and write | |
| 39FB000 | unknown | page readonly | |
| 3A10000 | trusted library allocation | page read and write | |
| 3A00000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A10000 | trusted library allocation | page read and write | |
| 3A10000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 400000 | unknown | page readonly | |
| 3A20000 | trusted library allocation | page read and write | |
| 3BB0000 | heap | page read and write | |
| 4E5000 | heap | page read and write | |
| 4C5000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A11000 | unknown | page execute read | |
| 4E7000 | heap | page read and write | |
| 2100000 | heap | page read and write | |
| 460000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3150000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 401000 | unknown | page execute read | |
| 212A000 | heap | page read and write | |
| 24AE000 | stack | page read and write | |
| 3A10000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 39F7000 | unknown | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 408000 | unknown | page readonly | |
| 400000 | unknown | page readonly | |
| 424000 | unknown | page read and write | |
| 470000 | heap | page read and write | |
| 3A10000 | trusted library allocation | page read and write | |
| 4E9000 | heap | page read and write | |
| 28C3000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A13000 | unknown | page readonly | |
| 5DA000 | heap | page read and write | |
| 3BC0000 | trusted library allocation | page read and write | |
| 10001000 | unknown | page execute read | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 2897000 | heap | page read and write | |
| 2124000 | heap | page read and write | |
| 3BC0000 | trusted library allocation | page read and write | |
| 470000 | heap | page read and write | |
| 549000 | heap | page read and write | |
| 603000 | heap | page read and write | |
| 27BF000 | stack | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 26BF000 | stack | page read and write | |
| 400000 | unknown | page readonly | |
| 410000 | unknown | page read and write | |
| 423000 | unknown | page read and write | |
| 90F000 | stack | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 31F0000 | trusted library allocation | page read and write | |
| 39F6000 | unknown | page readonly | |
| 10002000 | unknown | page readonly | |
| 4E0000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3160000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 401000 | unknown | page execute read | |
| 3A20000 | trusted library allocation | page read and write | |
| 436000 | unknown | page readonly | |
| 3A10000 | trusted library allocation | page read and write | |
| 2720000 | heap | page read and write | |
| 427000 | unknown | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 40A000 | unknown | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3C80000 | trusted library allocation | page read and write | |
| 400000 | unknown | page readonly | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 4C0000 | heap | page read and write | |
| 540000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 9B000 | stack | page read and write | |
| 5DE000 | heap | page read and write | |
| 3A10000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 431000 | unknown | page read and write | |
| 28A0000 | heap | page read and write | |
| 5DE000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3C80000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 40C000 | unknown | page read and write | |
| 2729000 | heap | page read and write | |
| 21E4000 | heap | page read and write | |
| 40A000 | unknown | page read and write | |
| 460000 | heap | page read and write | |
| 408000 | unknown | page readonly | |
| 3A81000 | heap | page read and write | |
| 40A000 | unknown | page write copy | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A14000 | unknown | page read and write | |
| 21D0000 | heap | page read and write | |
| 25AF000 | stack | page read and write | |
| 5E2000 | heap | page read and write | |
| 80E000 | stack | page read and write | |
| 42C000 | unknown | page read and write | |
| 5FB000 | heap | page read and write | |
| 3A10000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 570000 | heap | page read and write | |
| 401000 | unknown | page execute read | |
| 10004000 | unknown | page readonly | |
| 5E5000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3AB0000 | heap | page read and write | |
| 10000000 | unknown | page readonly | |
| 19A000 | stack | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 96000 | stack | page read and write | |
| 7CF000 | stack | page read and write | |
| 39F0000 | unknown | page readonly | |
| 61D000 | heap | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 2270000 | heap | page read and write | |
| 215E000 | stack | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 601000 | heap | page read and write | |
| 39F9000 | unknown | page read and write | |
| 3A20000 | trusted library allocation | page read and write | |
| 40A000 | unknown | page write copy | |
| 42C000 | unknown | page read and write | |
| 10003000 | unknown | page read and write | |
(173 further memdump entries are not shown in this extract.)