Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Player reports algnet 07-10-2024 .pdf www.skype.com.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\HitPawInfo.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_HitPawInfo.exe_4f927396ed7e1d24c97d8c6f3e8aee163dda5_092f0bdd_a9ecca0d-28b0-422f-a7be-50a9e18e0010\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER81F7.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Oct 7 22:40:55 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER82B4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER82E3.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AITMP0\Dutchai.lng
|
Unicode text, UTF-8 (with BOM) text, with very long lines (348), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AITMP0\Uninstall.ini
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\AITMP0\aidatafile.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AITMP0\aiheader.bmp
|
PC bitmap, Windows 3.x format, 498 x 55 x 24, image size 82280, cbSize 82334, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AITMP0\aisetup.ini
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AITMP0\aisetup.zip
|
Zip archive data, at least v2.0 to extract, compression method=deflate
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\AITMP0\aiwizard.bmp
|
PC bitmap, Windows 3.x format, 500 x 314 x 24, image size 471000, cbSize 471054, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\PCInfo.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Respc.jpg
|
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian,
direntries=4, manufacturer=Canon, model=Canon PowerShot SX20 IS, orientation=upper-left], baseline, precision 8, 640x480,
components 3
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ResourceCommander\Promptdource.xml
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\ResourceCommander\ResPrompt.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe
|
"C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\HitPawInfo.exe
|
"C:\Users\user~1\AppData\Local\Temp\HitPawInfo.exe"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
ResPrompt.dll
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s ResPrompt.dll
|
|
|
|
C:\Windows\System32\reg.exe
|
C:\Windows\system32\REG.EXE ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PMP" /t REG_SZ /F /D "schtasks /run
/tn PMP"
|
|
|
|
C:\Windows\System32\regsvr32.exe
|
regsvr32.exe /s ResPrompt.dll
|
|
|
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6652 -s 524
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.actualinstaller.comU
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://www.google.comU
|
unknown
|
||
|
http://www.actualinstaller.com
|
unknown
|
||
|
https://www.daproverb.be)
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
gibbooc2.com
|
154.21.14.89
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
154.21.14.89
|
gibbooc2.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
PMP
|
|
|
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
ProgramId
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
FileId
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
LongPathHash
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
Name
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
OriginalFileName
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
Publisher
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
Version
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
BinFileVersion
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
BinaryType
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
ProductName
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
ProductVersion
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
LinkDate
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
BinProductVersion
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
Size
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
Language
|
||
|
\REGISTRY\A\{b4bdf091-55c8-f3a7-939b-8ace4b8c9d99}\Root\InventoryApplicationFile\hitpawinfo.exe|2b4244ee585c75fc
|
Usn
|
There are 10 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2946000
|
direct allocation
|
page read and write
|
||
|
7FF7973FA000
|
unkown
|
page write copy
|
||
|
7F120000
|
trusted library allocation
|
page read and write
|
||
|
7FFB0C491000
|
unkown
|
page execute read
|
||
|
E44000
|
heap
|
page read and write
|
||
|
DDB000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
1759AB60000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
2670000
|
heap
|
page read and write
|
||
|
998000
|
stack
|
page read and write
|
||
|
E41000
|
heap
|
page read and write
|
||
|
2F3A3F2F000
|
heap
|
page read and write
|
||
|
5B3000
|
unkown
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
2990000
|
direct allocation
|
page read and write
|
||
|
2BCE000
|
stack
|
page read and write
|
||
|
297B000
|
direct allocation
|
page read and write
|
||
|
5A8000
|
unkown
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
10F0000
|
heap
|
page read and write
|
||
|
7FFB0C490000
|
unkown
|
page readonly
|
||
|
E2B000
|
heap
|
page read and write
|
||
|
E1E000
|
heap
|
page read and write
|
||
|
DCE000
|
stack
|
page read and write
|
||
|
29A6000
|
direct allocation
|
page read and write
|
||
|
2F3A0D4F000
|
heap
|
page read and write
|
||
|
DF2000
|
heap
|
page read and write
|
||
|
7FFB0C491000
|
unkown
|
page execute read
|
||
|
2F39E3D8000
|
heap
|
page read and write
|
||
|
10E0000
|
direct allocation
|
page execute and read and write
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
DEF000
|
heap
|
page read and write
|
||
|
B7B000
|
heap
|
page read and write
|
||
|
2F3A2B2F000
|
heap
|
page read and write
|
||
|
10BE000
|
stack
|
page read and write
|
||
|
E23000
|
heap
|
page read and write
|
||
|
E2E000
|
heap
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
28D9000
|
direct allocation
|
page read and write
|
||
|
2964000
|
direct allocation
|
page read and write
|
||
|
29D8000
|
direct allocation
|
page read and write
|
||
|
2F39D821000
|
heap
|
page read and write
|
||
|
29D1000
|
direct allocation
|
page read and write
|
||
|
5C0000
|
unkown
|
page readonly
|
||
|
3120000
|
trusted library allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
680000
|
heap
|
page read and write
|
||
|
46E4000
|
direct allocation
|
page read and write
|
||
|
29AD000
|
direct allocation
|
page read and write
|
||
|
2F39EA86000
|
heap
|
page read and write
|
||
|
E01000
|
heap
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
DF7000
|
heap
|
page read and write
|
||
|
34E000
|
unkown
|
page execute read
|
||
|
1759A8D0000
|
heap
|
page read and write
|
||
|
E48000
|
heap
|
page read and write
|
||
|
2F3A352F000
|
heap
|
page read and write
|
||
|
5B8000
|
unkown
|
page read and write
|
||
|
DF8000
|
heap
|
page read and write
|
||
|
1759A929000
|
heap
|
page read and write
|
||
|
FBE000
|
stack
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
DFC000
|
heap
|
page read and write
|
||
|
E19000
|
heap
|
page read and write
|
||
|
28FF000
|
direct allocation
|
page read and write
|
||
|
2982000
|
direct allocation
|
page read and write
|
||
|
2F3A174F000
|
heap
|
page read and write
|
||
|
57B000
|
heap
|
page read and write
|
||
|
301E000
|
stack
|
page read and write
|
||
|
7FFB0C519000
|
unkown
|
page read and write
|
||
|
1FA0000
|
heap
|
page read and write
|
||
|
5AA000
|
unkown
|
page read and write
|
||
|
7FFB0C51B000
|
unkown
|
page read and write
|
||
|
7FFB0C4FE000
|
unkown
|
page readonly
|
||
|
2F39D721000
|
heap
|
page read and write
|
||
|
470B000
|
direct allocation
|
page read and write
|
||
|
29BC000
|
direct allocation
|
page read and write
|
||
|
DFD000
|
heap
|
page read and write
|
||
|
24FE000
|
stack
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
E3C000
|
heap
|
page read and write
|
||
|
E01000
|
heap
|
page read and write
|
||
|
7FFB0C4FE000
|
unkown
|
page readonly
|
||
|
7FFB0C519000
|
unkown
|
page read and write
|
||
|
4CC0000
|
trusted library allocation
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
7FFB0C51B000
|
unkown
|
page read and write
|
||
|
7F160000
|
trusted library allocation
|
page read and write
|
||
|
5BB000
|
unkown
|
page write copy
|
||
|
47B000
|
stack
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
E1D000
|
heap
|
page read and write
|
||
|
7FFB0C491000
|
unkown
|
page execute read
|
||
|
290F000
|
direct allocation
|
page read and write
|
||
|
29B4000
|
direct allocation
|
page read and write
|
||
|
E32000
|
heap
|
page read and write
|
||
|
7FFB0C51A000
|
unkown
|
page write copy
|
||
|
E07000
|
heap
|
page read and write
|
||
|
28EB000
|
direct allocation
|
page read and write
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
330000
|
unkown
|
page readonly
|
||
|
4BFC000
|
stack
|
page read and write
|
||
|
E14000
|
heap
|
page read and write
|
||
|
715000
|
heap
|
page read and write
|
||
|
7FFB0C51A000
|
unkown
|
page write copy
|
||
|
332E000
|
stack
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
2974000
|
direct allocation
|
page read and write
|
||
|
7FFB0C519000
|
unkown
|
page read and write
|
||
|
5C2000
|
unkown
|
page readonly
|
||
|
292F000
|
direct allocation
|
page read and write
|
||
|
550000
|
heap
|
page read and write
|
||
|
2F39F956000
|
heap
|
page read and write
|
||
|
32EE000
|
stack
|
page read and write
|
||
|
DEB000
|
heap
|
page read and write
|
||
|
7FFB0C51E000
|
unkown
|
page readonly
|
||
|
E23000
|
heap
|
page read and write
|
||
|
1759A7D0000
|
heap
|
page read and write
|
||
|
28A7000
|
direct allocation
|
page read and write
|
||
|
DEB000
|
heap
|
page read and write
|
||
|
28AD000
|
direct allocation
|
page read and write
|
||
|
1759A920000
|
heap
|
page read and write
|
||
|
9B5000
|
heap
|
page read and write
|
||
|
10F9000
|
heap
|
page read and write
|
||
|
2F3A212F000
|
heap
|
page read and write
|
||
|
7FF7973F0000
|
unkown
|
page readonly
|
||
|
2998000
|
direct allocation
|
page read and write
|
||
|
2F39E68E000
|
heap
|
page read and write
|
||
|
7FB000
|
stack
|
page read and write
|
||
|
28A0000
|
direct allocation
|
page read and write
|
||
|
43489DD000
|
stack
|
page read and write
|
||
|
E1B000
|
heap
|
page read and write
|
||
|
2D4E000
|
stack
|
page read and write
|
||
|
DFE000
|
heap
|
page read and write
|
||
|
7F180000
|
trusted library allocation
|
page read and write
|
||
|
7FFB0C490000
|
unkown
|
page readonly
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
E51000
|
heap
|
page read and write
|
||
|
2A4E000
|
stack
|
page read and write
|
||
|
E60000
|
heap
|
page read and write
|
||
|
293E000
|
direct allocation
|
page read and write
|
||
|
48BE000
|
stack
|
page read and write
|
||
|
A40000
|
heap
|
page read and write
|
||
|
D4E000
|
stack
|
page read and write
|
||
|
7FF7973FB000
|
unkown
|
page readonly
|
||
|
2B4C000
|
stack
|
page read and write
|
||
|
2927000
|
direct allocation
|
page read and write
|
||
|
DC0000
|
heap
|
page read and write
|
||
|
E00000
|
heap
|
page read and write
|
||
|
2D83000
|
heap
|
page read and write
|
||
|
296B000
|
direct allocation
|
page read and write
|
||
|
7FFB0C4FE000
|
unkown
|
page readonly
|
||
|
1759AB65000
|
heap
|
page read and write
|
||
|
257F000
|
stack
|
page read and write
|
||
|
4348CFF000
|
stack
|
page read and write
|
||
|
2F39BEF1000
|
heap
|
page read and write
|
||
|
5A8000
|
unkown
|
page write copy
|
||
|
96A000
|
stack
|
page read and write
|
||
|
E0F000
|
heap
|
page read and write
|
||
|
295D000
|
direct allocation
|
page read and write
|
||
|
1759A8B0000
|
heap
|
page read and write
|
||
|
7F160000
|
direct allocation
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
10D0000
|
heap
|
page read and write
|
||
|
7FFB0C51E000
|
unkown
|
page readonly
|
||
|
294D000
|
direct allocation
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
9B0000
|
heap
|
page read and write
|
||
|
E43000
|
heap
|
page read and write
|
||
|
E4F000
|
heap
|
page read and write
|
||
|
2F39EC04000
|
heap
|
page read and write
|
||
|
DFE000
|
heap
|
page read and write
|
||
|
2F39F07F000
|
heap
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
2F3A034F000
|
heap
|
page read and write
|
||
|
1F3F000
|
stack
|
page read and write
|
||
|
896000
|
stack
|
page read and write
|
||
|
28E4000
|
direct allocation
|
page read and write
|
||
|
2989000
|
direct allocation
|
page read and write
|
||
|
7FFB0C51B000
|
unkown
|
page read and write
|
||
|
2F39EF56000
|
heap
|
page read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
DC8000
|
heap
|
page read and write
|
||
|
2ACC000
|
stack
|
page read and write
|
||
|
E21000
|
heap
|
page read and write
|
||
|
2918000
|
direct allocation
|
page read and write
|
||
|
29C3000
|
direct allocation
|
page read and write
|
||
|
10F6000
|
heap
|
page read and write
|
||
|
28BC000
|
direct allocation
|
page read and write
|
||
|
7FFB0C490000
|
unkown
|
page readonly
|
||
|
E29000
|
heap
|
page read and write
|
||
|
336E000
|
stack
|
page read and write
|
||
|
29CA000
|
direct allocation
|
page read and write
|
||
|
E65000
|
heap
|
page read and write
|
||
|
7FFB0C51A000
|
unkown
|
page write copy
|
||
|
7FFB0C51E000
|
unkown
|
page readonly
|
||
|
2F39D82F000
|
heap
|
page read and write
|
||
|
28C6000
|
direct allocation
|
page read and write
|
||
|
2F39DCD9000
|
heap
|
page read and write
|
||
|
2F39E204000
|
heap
|
page read and write
|
||
|
28F5000
|
direct allocation
|
page read and write
|
||
|
311E000
|
stack
|
page read and write
|
||
|
5BB000
|
unkown
|
page read and write
|
||
|
4AFC000
|
stack
|
page read and write
|
||
|
470E000
|
direct allocation
|
page read and write
|
||
|
2F39E206000
|
heap
|
page read and write
|
||
|
7FF7973F1000
|
unkown
|
page execute read
|
||
|
4348C7F000
|
stack
|
page read and write
|
||
|
49BE000
|
stack
|
page read and write
|
||
|
331000
|
unkown
|
page execute read
|
||
|
7FF7973F7000
|
unkown
|
page readonly
|
||
|
2954000
|
direct allocation
|
page read and write
|
||
|
291F000
|
direct allocation
|
page read and write
|
||
|
2F39D93B000
|
heap
|
page read and write
|
||
|
299F000
|
direct allocation
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
5B0000
|
unkown
|
page read and write
|
||
|
4ABF000
|
stack
|
page read and write
|
There are 210 hidden memdumps, click here to show them.