Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
LiquidText Installer.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\LiquidText Installer.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8517.tmp
|
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPFFFD4.tmp
|
PNG image data, 68 x 68, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tmp816B.tmp
|
ASCII text, with very long lines (1136), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tmp8218.tmp
|
ASCII text, with very long lines (1136), with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\LiquidText Installer.exe
|
"C:\Users\user\Desktop\LiquidText Installer.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.datacontract.org/2004/07/StoreInstaller.Models
|
unknown
|
||
|
http://foo/Resources/StoreAppList.Light.png
|
unknown
|
||
|
http://defaultcontainer/StoreInstaller;component/Resources/StoreAppList.Light.png
|
unknown
|
||
|
http://schemas.datacontract.org
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://schemas.datacontract.org/2004/07/Microsoft.UniversalStore.DisplayCatalog.Contracts.Version7.R
|
unknown
|
||
|
http://foo/bar/resources/storeapplist.light.png
|
unknown
|
||
|
http://www.w3.oh
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\LiquidText Installer_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\LiquidText Installer_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\LiquidText Installer_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\LiquidText Installer_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\LiquidText Installer_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\LiquidText Installer_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\LiquidText Installer_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\LiquidText Installer_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\LiquidText Installer_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\LiquidText Installer_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\LiquidText Installer_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\LiquidText Installer_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\LiquidText Installer_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\LiquidText Installer_RASMANCS
|
FileDirectory
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
|
Left
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
|
Top
|
There are 6 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
17E790DC000
|
heap
|
page read and write
|
||
|
7FF849040000
|
trusted library allocation
|
page read and write
|
||
|
17E5D7FD000
|
heap
|
page read and write
|
||
|
17E77D34000
|
heap
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
17E7BC40000
|
heap
|
page read and write
|
||
|
17E5D8B5000
|
heap
|
page read and write
|
||
|
17E5DA9D000
|
heap
|
page read and write
|
||
|
270F7B7000
|
stack
|
page read and write
|
||
|
17E77BB7000
|
heap
|
page read and write
|
||
|
17E7BEFB000
|
heap
|
page read and write
|
||
|
17E77B36000
|
heap
|
page read and write
|
||
|
17E77BD9000
|
heap
|
page read and write
|
||
|
7FF848FD6000
|
trusted library allocation
|
page read and write
|
||
|
17E7BC37000
|
heap
|
page read and write
|
||
|
17E5F68B000
|
trusted library allocation
|
page read and write
|
||
|
17E77D1C000
|
heap
|
page read and write
|
||
|
17E7BE92000
|
heap
|
page read and write
|
||
|
17E79064000
|
heap
|
page read and write
|
||
|
7FF848DBC000
|
trusted library allocation
|
page execute and read and write
|
||
|
17E5D950000
|
heap
|
page execute and read and write
|
||
|
17E7908C000
|
heap
|
page read and write
|
||
|
17E5F2C0000
|
heap
|
page execute and read and write
|
||
|
7FF848FDD000
|
trusted library allocation
|
page read and write
|
||
|
17E7BC53000
|
heap
|
page read and write
|
||
|
17E7BF6D000
|
heap
|
page read and write
|
||
|
7FF848FEB000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE3000
|
trusted library allocation
|
page read and write
|
||
|
17E7BD30000
|
heap
|
page read and write
|
||
|
17E77D0D000
|
heap
|
page read and write
|
||
|
17E7BE99000
|
heap
|
page read and write
|
||
|
270EB7E000
|
stack
|
page read and write
|
||
|
7FF848FF0000
|
trusted library allocation
|
page read and write
|
||
|
17E77DB7000
|
heap
|
page read and write
|
||
|
7FF849023000
|
trusted library allocation
|
page read and write
|
||
|
17E5D7E1000
|
heap
|
page read and write
|
||
|
270F2BE000
|
stack
|
page read and write
|
||
|
17E77D28000
|
heap
|
page read and write
|
||
|
17E5F68E000
|
trusted library allocation
|
page read and write
|
||
|
17E77450000
|
trusted library allocation
|
page read and write
|
||
|
7FF849010000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F12000
|
trusted library allocation
|
page read and write
|
||
|
17E791F9000
|
heap
|
page read and write
|
||
|
7FF848F70000
|
trusted library allocation
|
page read and write
|
||
|
17E7BC2A000
|
heap
|
page read and write
|
||
|
7FF848D73000
|
trusted library allocation
|
page read and write
|
||
|
17E5F868000
|
trusted library allocation
|
page read and write
|
||
|
17E79097000
|
heap
|
page read and write
|
||
|
17E79060000
|
heap
|
page read and write
|
||
|
17E5FA53000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D80000
|
trusted library allocation
|
page read and write
|
||
|
17E79054000
|
heap
|
page read and write
|
||
|
270EE7E000
|
stack
|
page read and write
|
||
|
17E77AF7000
|
heap
|
page read and write
|
||
|
17E790B0000
|
heap
|
page read and write
|
||
|
17E7910E000
|
heap
|
page read and write
|
||
|
17E77AFD000
|
heap
|
page read and write
|
||
|
17E77B24000
|
heap
|
page read and write
|
||
|
17E79200000
|
heap
|
page read and write
|
||
|
17E7C702000
|
trusted library allocation
|
page read and write
|
||
|
17E7912C000
|
heap
|
page read and write
|
||
|
17E5F8C5000
|
trusted library allocation
|
page read and write
|
||
|
17E5D8D0000
|
trusted library allocation
|
page read and write
|
||
|
17E5F53F000
|
trusted library allocation
|
page read and write
|
||
|
17E790D9000
|
heap
|
page read and write
|
||
|
17E7BFBC000
|
heap
|
page read and write
|
||
|
7FF848F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F14000
|
trusted library allocation
|
page read and write
|
||
|
17E7BFBA000
|
heap
|
page read and write
|
||
|
270F6BE000
|
stack
|
page read and write
|
||
|
17E7BD1B000
|
heap
|
page read and write
|
||
|
17E7904E000
|
heap
|
page read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D84000
|
trusted library allocation
|
page read and write
|
||
|
17E77D10000
|
heap
|
page read and write
|
||
|
17E79211000
|
heap
|
page read and write
|
||
|
17E5FEDE000
|
trusted library allocation
|
page read and write
|
||
|
17E791AE000
|
heap
|
page read and write
|
||
|
17E7BF45000
|
heap
|
page read and write
|
||
|
17E7BF84000
|
heap
|
page read and write
|
||
|
7FF849030000
|
trusted library allocation
|
page read and write
|
||
|
17E7BE52000
|
heap
|
page read and write
|
||
|
17E791A8000
|
heap
|
page read and write
|
||
|
17E5D960000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FA0000
|
trusted library allocation
|
page read and write
|
||
|
7FF4340D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
270F4BB000
|
stack
|
page read and write
|
||
|
17E7BD44000
|
heap
|
page read and write
|
||
|
17E79204000
|
heap
|
page read and write
|
||
|
17E79101000
|
heap
|
page read and write
|
||
|
17E7909B000
|
heap
|
page read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
||
|
17E5F340000
|
heap
|
page read and write
|
||
|
17E5D640000
|
heap
|
page read and write
|
||
|
17E5F8D5000
|
trusted library allocation
|
page read and write
|
||
|
17E5F410000
|
heap
|
page read and write
|
||
|
17E77B17000
|
heap
|
page read and write
|
||
|
17E7BC20000
|
heap
|
page read and write
|
||
|
17E7CC72000
|
heap
|
page read and write
|
||
|
270F8BD000
|
stack
|
page read and write
|
||
|
7FF848D7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
17E77B32000
|
heap
|
page read and write
|
||
|
7FF848FD0000
|
trusted library allocation
|
page read and write
|
||
|
17E5F343000
|
heap
|
page read and write
|
||
|
7FF849074000
|
trusted library allocation
|
page read and write
|
||
|
17E7BC5D000
|
heap
|
page read and write
|
||
|
17E5FD08000
|
trusted library allocation
|
page read and write
|
||
|
7FF849060000
|
trusted library allocation
|
page read and write
|
||
|
270E53F000
|
stack
|
page read and write
|
||
|
7FF848FB0000
|
trusted library allocation
|
page read and write
|
||
|
17E7CBA9000
|
heap
|
page read and write
|
||
|
17E7BC33000
|
heap
|
page read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page read and write
|
||
|
17E7BE24000
|
heap
|
page read and write
|
||
|
7FF849000000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848FBA000
|
trusted library allocation
|
page read and write
|
||
|
17E5F713000
|
trusted library allocation
|
page read and write
|
||
|
270EC7D000
|
stack
|
page read and write
|
||
|
17E5D760000
|
heap
|
page read and write
|
||
|
270E4FA000
|
stack
|
page read and write
|
||
|
17E7BF67000
|
heap
|
page read and write
|
||
|
270DEFE000
|
stack
|
page read and write
|
||
|
17E5F421000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D8D000
|
trusted library allocation
|
page execute and read and write
|
||
|
270E97E000
|
stack
|
page read and write
|
||
|
270E1FE000
|
stack
|
page read and write
|
||
|
17E7BCF2000
|
heap
|
page read and write
|
||
|
17E77420000
|
trusted library allocation
|
page read and write
|
||
|
17E5F7AB000
|
trusted library allocation
|
page read and write
|
||
|
17E6F43D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page read and write
|
||
|
17E5D720000
|
heap
|
page read and write
|
||
|
17E7BCF7000
|
heap
|
page read and write
|
||
|
17E77B1B000
|
heap
|
page read and write
|
||
|
17E77CE0000
|
heap
|
page read and write
|
||
|
17E5F7F1000
|
trusted library allocation
|
page read and write
|
||
|
17E7C000000
|
heap
|
page read and write
|
||
|
17E79030000
|
heap
|
page read and write
|
||
|
7FF848F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
17E5F835000
|
trusted library allocation
|
page read and write
|
||
|
17E5D4E2000
|
unkown
|
page readonly
|
||
|
7FF848D64000
|
trusted library allocation
|
page read and write
|
||
|
17E7BD53000
|
heap
|
page read and write
|
||
|
17E79105000
|
heap
|
page read and write
|
||
|
17E790A6000
|
heap
|
page read and write
|
||
|
270E93A000
|
stack
|
page read and write
|
||
|
17E7BF7C000
|
heap
|
page read and write
|
||
|
17E5DA90000
|
heap
|
page read and write
|
||
|
17E5F887000
|
trusted library allocation
|
page read and write
|
||
|
17E7BFC6000
|
heap
|
page read and write
|
||
|
7FF848F80000
|
trusted library allocation
|
page read and write
|
||
|
17E5D85C000
|
heap
|
page read and write
|
||
|
17E791A4000
|
heap
|
page read and write
|
||
|
17E77D17000
|
heap
|
page read and write
|
||
|
17E77BD1000
|
heap
|
page read and write
|
||
|
17E5D975000
|
heap
|
page read and write
|
||
|
17E5F300000
|
trusted library section
|
page readonly
|
||
|
17E791D0000
|
heap
|
page read and write
|
||
|
17E7BF99000
|
heap
|
page read and write
|
||
|
17E77BDE000
|
heap
|
page read and write
|
||
|
270DDFE000
|
stack
|
page read and write
|
||
|
17E5D5A2000
|
unkown
|
page readonly
|
||
|
17E5FEE0000
|
trusted library allocation
|
page read and write
|
||
|
17E5F83D000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FC0000
|
trusted library allocation
|
page read and write
|
||
|
17E7BD4C000
|
heap
|
page read and write
|
||
|
17E5D970000
|
heap
|
page read and write
|
||
|
7FF848F1F000
|
trusted library allocation
|
page read and write
|
||
|
17E5D8F0000
|
heap
|
page execute and read and write
|
||
|
17E5D82A000
|
heap
|
page read and write
|
||
|
17E790F8000
|
heap
|
page read and write
|
||
|
17E7BF49000
|
heap
|
page read and write
|
||
|
17E77CD0000
|
heap
|
page read and write
|
||
|
17E7BEF8000
|
heap
|
page read and write
|
||
|
7FF848D8B000
|
trusted library allocation
|
page execute and read and write
|
||
|
17E5FA55000
|
trusted library allocation
|
page read and write
|
||
|
17E5D4E0000
|
unkown
|
page readonly
|
||
|
270E2FF000
|
stack
|
page read and write
|
||
|
17E77CE9000
|
heap
|
page read and write
|
||
|
7FF848D63000
|
trusted library allocation
|
page execute and read and write
|
||
|
270EEBF000
|
stack
|
page read and write
|
||
|
17E5D7FF000
|
heap
|
page read and write
|
||
|
7FF848E1C000
|
trusted library allocation
|
page execute and read and write
|
||
|
270E6F4000
|
stack
|
page read and write
|
||
|
17E5F8EB000
|
trusted library allocation
|
page read and write
|
||
|
17E5DA95000
|
heap
|
page read and write
|
||
|
17E5D953000
|
heap
|
page execute and read and write
|
||
|
17E5FCFC000
|
trusted library allocation
|
page read and write
|
||
|
17E7BCD5000
|
heap
|
page read and write
|
||
|
17E79206000
|
heap
|
page read and write
|
||
|
17E5D4E0000
|
unkown
|
page readonly
|
||
|
17E79224000
|
heap
|
page read and write
|
||
|
17E5F85E000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FE1000
|
trusted library allocation
|
page read and write
|
||
|
17E6F421000
|
trusted library allocation
|
page read and write
|
||
|
17E7BCD0000
|
heap
|
page read and write
|
||
|
17E79199000
|
heap
|
page read and write
|
||
|
17E77AE0000
|
heap
|
page read and write
|
||
|
17E5FA4D000
|
trusted library allocation
|
page read and write
|
||
|
17E5D7DC000
|
heap
|
page read and write
|
||
|
17E7BC50000
|
heap
|
page read and write
|
||
|
17E7CD3B000
|
heap
|
page read and write
|
||
|
17E5D740000
|
heap
|
page read and write
|
||
|
17E77BD5000
|
heap
|
page read and write
|
||
|
7FF848D62000
|
trusted library allocation
|
page read and write
|
||
|
7FF848FEF000
|
trusted library allocation
|
page read and write
|
||
|
7FF849050000
|
trusted library allocation
|
page read and write
|
||
|
270EFBE000
|
stack
|
page read and write
|
||
|
17E5D7B0000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
270E3FB000
|
stack
|
page read and write
|
||
|
270D9DE000
|
stack
|
page read and write
|
||
|
7FF848F22000
|
trusted library allocation
|
page read and write
|
||
|
17E5F850000
|
trusted library allocation
|
page read and write
|
||
|
17E7BC7D000
|
heap
|
page read and write
|
||
|
17E7BEF1000
|
heap
|
page read and write
|
||
|
7FF849070000
|
trusted library allocation
|
page read and write
|
||
|
17E7CAE0000
|
heap
|
page read and write
|
||
|
17E791C2000
|
heap
|
page read and write
|
||
|
7FF848F4E000
|
trusted library allocation
|
page read and write
|
||
|
17E7910B000
|
heap
|
page read and write
|
||
|
17E7BFC9000
|
heap
|
page read and write
|
||
|
17E7BE5E000
|
heap
|
page read and write
|
||
|
17E5F871000
|
trusted library allocation
|
page read and write
|
||
|
17E7BE67000
|
heap
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E46000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E80000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F5B000
|
trusted library allocation
|
page read and write
|
||
|
7FF848E16000
|
trusted library allocation
|
page read and write
|
||
|
17E7BC35000
|
heap
|
page read and write
|
||
|
270E0FC000
|
stack
|
page read and write
|
||
|
270DFFE000
|
stack
|
page read and write
|
||
|
7FF848F4A000
|
trusted library allocation
|
page read and write
|
||
|
7FF849020000
|
trusted library allocation
|
page read and write
|
||
|
17E79125000
|
heap
|
page read and write
|
||
|
17E7920E000
|
heap
|
page read and write
|
||
|
17E5D930000
|
heap
|
page read and write
|
||
|
270EA7B000
|
stack
|
page read and write
|
||
|
17E5D7C0000
|
heap
|
page read and write
|
||
|
17E5D982000
|
heap
|
page read and write
|
||
|
17E5F7EC000
|
trusted library allocation
|
page read and write
|
||
|
17E5FECE000
|
trusted library allocation
|
page read and write
|
||
|
17E7BC30000
|
heap
|
page read and write
|
||
|
17E5F8C9000
|
trusted library allocation
|
page read and write
|
||
|
17E7BE4E000
|
heap
|
page read and write
|
||
|
270F5B4000
|
stack
|
page read and write
|
||
|
17E7BC25000
|
heap
|
page read and write
|
||
|
17E5F86C000
|
trusted library allocation
|
page read and write
|
||
|
17E5FE50000
|
trusted library allocation
|
page read and write
|
||
|
17E791F1000
|
heap
|
page read and write
|
||
|
17E5F81C000
|
trusted library allocation
|
page read and write
|
||
|
17E7BCB3000
|
heap
|
page read and write
|
||
|
17E5D7FB000
|
heap
|
page read and write
|
||
|
17E77B39000
|
heap
|
page read and write
|
||
|
270ED7D000
|
stack
|
page read and write
|
||
|
270DCFE000
|
stack
|
page read and write
|
There are 248 hidden memdumps, click here to show them.