Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
65X4tr6fyX.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\MSI3766.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI3842.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSIa3bca.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\shi35CF.tmp
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\FineViews Official Community\Installer 1.0.0\install\D67B221\CapCut Installer.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {474A16A5-B56D-420F-B554-828A20264299}, Number of Words: 0, Subject: Installer, Author: FineViews Official
Community, Name of Creating Application: Installer, Template: ;1033, Comments: This installer database contains the logic
and data required to install Installer., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages:
200
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\FineViews Official Community\Installer 1.0.0\install\decoder.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\FineViews Official Community\Installer 1.0.0\install\holder0.aiph
|
data
|
dropped
|
||
|
C:\Windows\Installer\5a3979.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44
2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page:
1252, Revision Number: {474A16A5-B56D-420F-B554-828A20264299}, Number of Words: 0, Subject: Installer, Author: FineViews Official
Community, Name of Creating Application: Installer, Template: ;1033, Comments: This installer database contains the logic
and data required to install Installer., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages:
200
|
dropped
|
||
|
C:\Windows\Installer\MSI3AB1.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI3B20.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI3B6F.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSI3B9F.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\65X4tr6fyX.exe
|
"C:\Users\user\Desktop\65X4tr6fyX.exe"
|
||
|
C:\Windows\System32\msiexec.exe
|
C:\Windows\system32\msiexec.exe /V
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding EBEF6F46475D66D6CF3B6B5FF30932BA C
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
"C:\Windows\system32\msiexec.exe" /i "C:\Users\user\AppData\Roaming\FineViews Official Community\Installer 1.0.0\install\D67B221\CapCut
Installer.msi" AI_SETUPEXEPATH=C:\Users\user\Desktop\65X4tr6fyX.exe SETUPEXEDIR=C:\Users\user\Desktop\ EXE_CMD_LINE="/exenoupdates
/forcecleanup /wintime 1732213957 " AI_EUIMSI=""
|
||
|
C:\Windows\SysWOW64\msiexec.exe
|
C:\Windows\syswow64\MsiExec.exe -Embedding 2B5EC4E9F9B2BE78351790F405B34BD2
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://html4/loose.dtd
|
unknown
|
||
|
https://www.advancedinstaller.com
|
unknown
|
||
|
https://www.thawte.com/cps0/
|
unknown
|
||
|
http://.css
|
unknown
|
||
|
http://.jpg
|
unknown
|
||
|
https://www.thawte.com/repository0W
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1263000
|
heap
|
page read and write
|
||
|
339D000
|
stack
|
page read and write
|
||
|
11FC000
|
heap
|
page read and write
|
||
|
D6F000
|
unkown
|
page write copy
|
||
|
2CFE000
|
stack
|
page read and write
|
||
|
3F17000
|
heap
|
page read and write
|
||
|
12C8000
|
heap
|
page read and write
|
||
|
12AE000
|
heap
|
page read and write
|
||
|
63D1000
|
heap
|
page read and write
|
||
|
63F4000
|
heap
|
page read and write
|
||
|
1285000
|
heap
|
page read and write
|
||
|
63EF000
|
heap
|
page read and write
|
||
|
42CE000
|
stack
|
page read and write
|
||
|
1268000
|
heap
|
page read and write
|
||
|
12BF000
|
heap
|
page read and write
|
||
|
12A1000
|
heap
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
1256000
|
heap
|
page read and write
|
||
|
641C000
|
heap
|
page read and write
|
||
|
12A8000
|
heap
|
page read and write
|
||
|
400F000
|
stack
|
page read and write
|
||
|
123E000
|
heap
|
page read and write
|
||
|
43CF000
|
stack
|
page read and write
|
||
|
127A000
|
heap
|
page read and write
|
||
|
11E4000
|
heap
|
page read and write
|
||
|
63D3000
|
heap
|
page read and write
|
||
|
592E000
|
stack
|
page read and write
|
||
|
1281000
|
heap
|
page read and write
|
||
|
1279000
|
heap
|
page read and write
|
||
|
6401000
|
heap
|
page read and write
|
||
|
63F1000
|
heap
|
page read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
D6F000
|
unkown
|
page read and write
|
||
|
63F3000
|
heap
|
page read and write
|
||
|
1257000
|
heap
|
page read and write
|
||
|
63FC000
|
heap
|
page read and write
|
||
|
11DA000
|
heap
|
page read and write
|
||
|
1242000
|
heap
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
1241000
|
heap
|
page read and write
|
||
|
1232000
|
heap
|
page read and write
|
||
|
12AB000
|
heap
|
page read and write
|
||
|
63E6000
|
heap
|
page read and write
|
||
|
63D9000
|
heap
|
page read and write
|
||
|
63C0000
|
heap
|
page read and write
|
||
|
5675000
|
heap
|
page read and write
|
||
|
1256000
|
heap
|
page read and write
|
||
|
1232000
|
heap
|
page read and write
|
||
|
1219000
|
heap
|
page read and write
|
||
|
1296000
|
heap
|
page read and write
|
||
|
11FE000
|
heap
|
page read and write
|
||
|
63D9000
|
heap
|
page read and write
|
||
|
641C000
|
heap
|
page read and write
|
||
|
63F7000
|
heap
|
page read and write
|
||
|
1265000
|
heap
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
63F6000
|
heap
|
page read and write
|
||
|
D75000
|
unkown
|
page read and write
|
||
|
127D000
|
heap
|
page read and write
|
||
|
AD1000
|
unkown
|
page execute read
|
||
|
63F6000
|
heap
|
page read and write
|
||
|
63E0000
|
heap
|
page read and write
|
||
|
63F5000
|
heap
|
page read and write
|
||
|
126F000
|
heap
|
page read and write
|
||
|
1285000
|
heap
|
page read and write
|
||
|
1255000
|
heap
|
page read and write
|
||
|
12C2000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
12C2000
|
heap
|
page read and write
|
||
|
123E000
|
heap
|
page read and write
|
||
|
1273000
|
heap
|
page read and write
|
||
|
63EB000
|
heap
|
page read and write
|
||
|
12C2000
|
heap
|
page read and write
|
||
|
1277000
|
heap
|
page read and write
|
||
|
126A000
|
heap
|
page read and write
|
||
|
D73000
|
unkown
|
page write copy
|
||
|
125E000
|
heap
|
page read and write
|
||
|
123D000
|
heap
|
page read and write
|
||
|
63FD000
|
heap
|
page read and write
|
||
|
12BE000
|
heap
|
page read and write
|
||
|
6408000
|
heap
|
page read and write
|
||
|
1282000
|
heap
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
12A3000
|
heap
|
page read and write
|
||
|
A55000
|
heap
|
page read and write
|
||
|
1277000
|
heap
|
page read and write
|
||
|
641E000
|
heap
|
page read and write
|
||
|
129F000
|
heap
|
page read and write
|
||
|
6410000
|
heap
|
page read and write
|
||
|
12B6000
|
heap
|
page read and write
|
||
|
12A9000
|
heap
|
page read and write
|
||
|
2C55000
|
heap
|
page read and write
|
||
|
11CF000
|
stack
|
page read and write
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
2C60000
|
heap
|
page read and write
|
||
|
12C8000
|
heap
|
page read and write
|
||
|
126F000
|
heap
|
page read and write
|
||
|
9DB000
|
stack
|
page read and write
|
||
|
128D000
|
heap
|
page read and write
|
||
|
1276000
|
heap
|
page read and write
|
||
|
63DB000
|
heap
|
page read and write
|
||
|
12CA000
|
heap
|
page read and write
|
||
|
1269000
|
heap
|
page read and write
|
||
|
11FE000
|
heap
|
page read and write
|
||
|
12B3000
|
heap
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
2D10000
|
heap
|
page read and write
|
||
|
D78000
|
unkown
|
page readonly
|
||
|
1263000
|
heap
|
page read and write
|
||
|
2C5B000
|
heap
|
page read and write
|
||
|
12AE000
|
heap
|
page read and write
|
||
|
1266000
|
heap
|
page read and write
|
||
|
12C8000
|
heap
|
page read and write
|
||
|
1297000
|
heap
|
page read and write
|
||
|
4054000
|
heap
|
page read and write
|
||
|
12BF000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
12CB000
|
heap
|
page read and write
|
||
|
12B2000
|
heap
|
page read and write
|
||
|
12BA000
|
heap
|
page read and write
|
||
|
1265000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
5A2E000
|
stack
|
page read and write
|
||
|
1283000
|
heap
|
page read and write
|
||
|
126F000
|
heap
|
page read and write
|
||
|
1255000
|
heap
|
page read and write
|
||
|
641C000
|
heap
|
page read and write
|
||
|
1255000
|
heap
|
page read and write
|
||
|
12AE000
|
heap
|
page read and write
|
||
|
128E000
|
heap
|
page read and write
|
||
|
2C50000
|
heap
|
page read and write
|
||
|
D78000
|
unkown
|
page readonly
|
||
|
130E000
|
stack
|
page read and write
|
||
|
63F9000
|
heap
|
page read and write
|
||
|
121D000
|
heap
|
page read and write
|
||
|
3710000
|
trusted library allocation
|
page read and write
|
||
|
123E000
|
heap
|
page read and write
|
||
|
12A3000
|
heap
|
page read and write
|
||
|
1274000
|
heap
|
page read and write
|
||
|
1261000
|
heap
|
page read and write
|
||
|
121D000
|
heap
|
page read and write
|
||
|
12A9000
|
heap
|
page read and write
|
||
|
12C2000
|
heap
|
page read and write
|
||
|
1295000
|
heap
|
page read and write
|
||
|
359F000
|
stack
|
page read and write
|
||
|
63E8000
|
heap
|
page read and write
|
||
|
12C8000
|
heap
|
page read and write
|
||
|
2DA0000
|
heap
|
page read and write
|
||
|
AD1000
|
unkown
|
page execute read
|
||
|
6426000
|
heap
|
page read and write
|
||
|
1294000
|
heap
|
page read and write
|
||
|
12BB000
|
heap
|
page read and write
|
||
|
1272000
|
heap
|
page read and write
|
||
|
3F18000
|
heap
|
page read and write
|
||
|
2D9E000
|
stack
|
page read and write
|
||
|
1238000
|
heap
|
page read and write
|
||
|
AAE000
|
stack
|
page read and write
|
||
|
63E8000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
1241000
|
heap
|
page read and write
|
||
|
12AE000
|
heap
|
page read and write
|
||
|
1279000
|
heap
|
page read and write
|
||
|
1219000
|
heap
|
page read and write
|
||
|
129C000
|
heap
|
page read and write
|
||
|
6405000
|
heap
|
page read and write
|
||
|
128D000
|
heap
|
page read and write
|
||
|
63DA000
|
heap
|
page read and write
|
||
|
1267000
|
heap
|
page read and write
|
||
|
1255000
|
heap
|
page read and write
|
||
|
12A6000
|
heap
|
page read and write
|
||
|
6422000
|
heap
|
page read and write
|
||
|
121D000
|
heap
|
page read and write
|
||
|
CE9000
|
unkown
|
page readonly
|
||
|
63F2000
|
heap
|
page read and write
|
||
|
AD0000
|
unkown
|
page readonly
|
||
|
8D9000
|
stack
|
page read and write
|
||
|
2E54000
|
heap
|
page read and write
|
||
|
D74000
|
unkown
|
page write copy
|
||
|
128D000
|
heap
|
page read and write
|
||
|
1262000
|
heap
|
page read and write
|
||
|
1285000
|
heap
|
page read and write
|
||
|
63D0000
|
heap
|
page read and write
|
||
|
CE9000
|
unkown
|
page readonly
|
||
|
127A000
|
heap
|
page read and write
|
||
|
63F9000
|
heap
|
page read and write
|
||
|
128C000
|
heap
|
page read and write
|
||
|
1232000
|
heap
|
page read and write
|
||
|
2E50000
|
heap
|
page read and write
|
||
|
128F000
|
heap
|
page read and write
|
||
|
1285000
|
heap
|
page read and write
|
||
|
12AD000
|
heap
|
page read and write
|
||
|
1219000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
12CD000
|
heap
|
page read and write
|
||
|
11E5000
|
heap
|
page read and write
|
||
|
349E000
|
stack
|
page read and write
|
||
|
41EB000
|
heap
|
page read and write
|
||
|
2CBD000
|
stack
|
page read and write
|
||
|
140E000
|
stack
|
page read and write
|
||
|
12A3000
|
heap
|
page read and write
|
There are 190 hidden memdumps, click here to show them.