Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive | initial sample | |
| C:\Users\user\AppData\Local\Temp\nso5721.tmp\System.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Roaming\Shoved\Factorist\dialog-warning-symbolic.symbolic.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | dropped | |
| C:\Users\user\AppData\Roaming\Shoved\skrupforelskede.bin | data | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe | C:\Users\user\Desktop\CONTRACT_REVISED-SHIPMENT-DOCUMENTS_EXPORTS_REFERENCE-QT63637-02993900299348.exe | |
URLs

| Name | IP | Malicious |
|---|---|---|
| http://nsis.sf.net/NSIS_ErrorError | unknown | |
Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bestyrelsesformanden | Knsdiskriminering | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Unengrossed\assistance\Irrer36\Trasker | Gloomings | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Investigational\Phenomenally\Abortive | nettoprisens | |
| HKEY_CURRENT_USER\Software\Retssags\Minigolfens\Cerutterne\Pisset | Dactylopius | |
Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 2A70000 | trusted library allocation | page execute and read and write | |
| 684000 | heap | page read and write | |
| 1DEBBF50000 | trusted library allocation | page read and write | |
| 400000 | unknown | page readonly | |
| 874D379000 | stack | page read and write | |
| 1DEBB24F000 | heap | page read and write | |
| 1DEBBF66000 | trusted library allocation | page read and write | |
| 739A6000 | unknown | page readonly | |
| 5B0000 | trusted library allocation | page read and write | |
| 1DEBB5C0000 | trusted library allocation | page read and write | |
| 874D2FF000 | stack | page read and write | |
| 19A000 | stack | page read and write | |
| 287F000 | stack | page read and write | |
| 1DEBBF6A000 | trusted library allocation | page read and write | |
| 1DEBB5B5000 | heap | page read and write | |
| 401000 | unknown | page execute read | |
| 1DEBBF64000 | trusted library allocation | page read and write | |
| 739A1000 | unknown | page execute read | |
| 1DEBC210000 | heap | page readonly | |
| 1DEBB5B0000 | heap | page read and write | |
| 47E000 | unknown | page readonly | |
| 40A000 | unknown | page read and write | |
| C36000 | heap | page read and write | |
| 22F0000 | heap | page read and write | |
| 1DEBC1D0000 | trusted library allocation | page read and write | |
| 40A000 | unknown | page write copy | |
| 1DEBB250000 | heap | page read and write | |
| 1DEBBF40000 | trusted library allocation | page read and write | |
| 277E000 | stack | page read and write | |
| 1DEBB252000 | heap | page read and write | |
| 1DEBB248000 | heap | page read and write | |
| 874D07B000 | stack | page read and write | |
| 874D279000 | stack | page read and write | |
| 6FC000 | heap | page read and write | |
| 1DEBBF60000 | trusted library allocation | page read and write | |
| 874D1F9000 | stack | page read and write | |
| 440000 | unknown | page read and write | |
| 47E000 | unknown | page readonly | |
| 2990000 | trusted library allocation | page read and write | |
| 1DEBBF62000 | trusted library allocation | page read and write | |
| 30000 | heap | page read and write | |
| 1DEBC230000 | trusted library allocation | page read and write | |
| 2250000 | heap | page read and write | |
| 6DB000 | heap | page read and write | |
| 6A0000 | heap | page read and write | |
| 605000 | heap | page read and write | |
| 1DEBB210000 | heap | page read and write | |
| 1DEBB24F000 | heap | page read and write | |
| 1DEBBFB0000 | trusted library allocation | page read and write | |
| 29A0000 | trusted library allocation | page read and write | |
| 408000 | unknown | page readonly | |
| 437000 | unknown | page read and write | |
| C30000 | heap | page read and write | |
| 97000 | stack | page read and write | |
| 6A8000 | heap | page read and write | |
| 2980000 | trusted library allocation | page read and write | |
| 874D3FC000 | stack | page read and write | |
| 431000 | unknown | page read and write | |
| 47B000 | unknown | page read and write | |
| 680000 | heap | page read and write | |
| 273F000 | stack | page read and write | |
| 600000 | heap | page read and write | |
| 1DEBBFC0000 | trusted library allocation | page read and write | |
| 460000 | unknown | page read and write | |
| 1DEBB3D0000 | heap | page read and write | |
| 1DEBB200000 | heap | page read and write | |
| 1DEBB208000 | heap | page read and write | |
| 1DEBBFC6000 | trusted library allocation | page read and write | |
| 739A4000 | unknown | page readonly | |
| 1DEBB170000 | heap | page read and write | |
| 739A0000 | unknown | page readonly | |
| 1DEBC220000 | trusted library allocation | page read and write | |
| 1DEBB5B9000 | heap | page read and write | |
| 408000 | unknown | page readonly | |
| 22AE000 | stack | page read and write | |
| 401000 | unknown | page execute read | |
| 1DEBC280000 | trusted library allocation | page read and write | |
| 1DEBC200000 | trusted library allocation | page read and write | |
| 400000 | unknown | page readonly | |
| 1DEBB271000 | heap | page read and write | |
| 1DEBB180000 | trusted library allocation | page read and write | |
| 1DEBB1E0000 | heap | page read and write | |
72 further memdumps are not shown in this view.