Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
3507071243740008011.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\nsaD5CD.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\pechay\transskribere\jon\Ossicular\Itchreed.Cur
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\pechay\transskribere\jon\Ossicular\Strobilation.Tru
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\pechay\transskribere\jon\Ossicular\img-1.jpg
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 999x605, components
3
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\pechay\transskribere\jon\Ossicular\nannie.tek
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\pechay\transskribere\jon\Ossicular\nonpendency.age
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\pechay\transskribere\jon\Ossicular\rimsmeds.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\pechay\transskribere\jon\Ossicular\skreddene.spo
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\3507071243740008011.exe
|
"C:\Users\user\Desktop\3507071243740008011.exe"
|
|
|
|
C:\Users\user\Desktop\3507071243740008011.exe
|
"C:\Users\user\Desktop\3507071243740008011.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
|
unknown
|
||
|
http://www.ftp.ftp://ftp.gopher.
|
unknown
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://alfacen.com/
|
unknown
|
||
|
https://alfacen.com/jFhxxDhhDcCKVgiwlWM221.bin
|
193.107.36.30
|
||
|
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
alfacen.com
|
193.107.36.30
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
193.107.36.30
|
alfacen.com
|
Bulgaria
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\CLI\Start
|
CLI start
|
||
|
HKEY_CURRENT_USER\Ailurophilia\Pectinidae
|
Lacqueying
|
||
|
HKEY_CURRENT_USER\Eksportforbuddets\Uninstall\telltruth\suede
|
frihandlens
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Service
|
System_Check
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Service
|
System_Check
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5438000
|
direct allocation
|
page execute and read and write
|
|
|
|
3663D000
|
stack
|
page read and write
|
||
|
6B43000
|
heap
|
page read and write
|
||
|
610000
|
direct allocation
|
page read and write
|
||
|
70000
|
heap
|
page read and write
|
||
|
1818000
|
remote allocation
|
page execute and read and write
|
||
|
6B34000
|
heap
|
page read and write
|
||
|
6B43000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
36A10000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6B64000
|
heap
|
page read and write
|
||
|
6D10000
|
direct allocation
|
page read and write
|
||
|
1660000
|
remote allocation
|
page execute and read and write
|
||
|
69F0000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
2A80000
|
direct allocation
|
page execute and read and write
|
||
|
600000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5E18000
|
remote allocation
|
page execute and read and write
|
||
|
37072000
|
direct allocation
|
page execute and read and write
|
||
|
284F000
|
stack
|
page read and write
|
||
|
212E000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
620000
|
direct allocation
|
page read and write
|
||
|
626000
|
unkown
|
page execute read
|
||
|
6AE0000
|
heap
|
page read and write
|
||
|
36FFD000
|
direct allocation
|
page execute and read and write
|
||
|
6D20000
|
direct allocation
|
page read and write
|
||
|
2215000
|
heap
|
page read and write
|
||
|
6B4B000
|
heap
|
page read and write
|
||
|
6B45000
|
heap
|
page read and write
|
||
|
2C18000
|
remote allocation
|
page execute and read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
3657E000
|
stack
|
page read and write
|
||
|
36ECE000
|
direct allocation
|
page execute and read and write
|
||
|
6BA8000
|
heap
|
page read and write
|
||
|
36A10000
|
direct allocation
|
page read and write
|
||
|
46A000
|
unkown
|
page readonly
|
||
|
6D00000
|
direct allocation
|
page read and write
|
||
|
436000
|
unkown
|
page read and write
|
||
|
6D60000
|
direct allocation
|
page read and write
|
||
|
6B5F000
|
heap
|
page read and write
|
||
|
5E8000
|
unkown
|
page execute read
|
||
|
2270000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5F0000
|
direct allocation
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
5E38000
|
direct allocation
|
page execute and read and write
|
||
|
36A10000
|
direct allocation
|
page read and write
|
||
|
6B9D000
|
heap
|
page read and write
|
||
|
6B58000
|
heap
|
page read and write
|
||
|
369BD000
|
stack
|
page read and write
|
||
|
36E5D000
|
direct allocation
|
page execute and read and write
|
||
|
6D40000
|
direct allocation
|
page read and write
|
||
|
6AD4000
|
heap
|
page read and write
|
||
|
36140000
|
direct allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
6C6F000
|
stack
|
page read and write
|
||
|
366BE000
|
stack
|
page read and write
|
||
|
71000
|
heap
|
page read and write
|
||
|
37001000
|
direct allocation
|
page execute and read and write
|
||
|
4A18000
|
remote allocation
|
page execute and read and write
|
||
|
368BE000
|
stack
|
page read and write
|
||
|
6B63000
|
heap
|
page read and write
|
||
|
366FF000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6D70000
|
heap
|
page read and write
|
||
|
431000
|
unkown
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
5F0000
|
unkown
|
page execute read
|
||
|
6BA8000
|
heap
|
page read and write
|
||
|
6AD4000
|
heap
|
page read and write
|
||
|
369C0000
|
direct allocation
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
367F0000
|
remote allocation
|
page read and write
|
||
|
369C6000
|
heap
|
page read and write
|
||
|
3678F000
|
stack
|
page read and write
|
||
|
369C0000
|
direct allocation
|
page read and write
|
||
|
367F0000
|
remote allocation
|
page read and write
|
||
|
2304000
|
heap
|
page read and write
|
||
|
36D30000
|
direct allocation
|
page execute and read and write
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
36150000
|
direct allocation
|
page read and write
|
||
|
2218000
|
remote allocation
|
page execute and read and write
|
||
|
5E6000
|
unkown
|
page execute read
|
||
|
6B4B000
|
heap
|
page read and write
|
||
|
649000
|
unkown
|
page execute read
|
||
|
630000
|
direct allocation
|
page read and write
|
||
|
6BA0000
|
heap
|
page read and write
|
||
|
6838000
|
direct allocation
|
page execute and read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
36B7C000
|
heap
|
page read and write
|
||
|
640000
|
direct allocation
|
page read and write
|
||
|
46A000
|
unkown
|
page readonly
|
||
|
5EE000
|
unkown
|
page execute read
|
||
|
5418000
|
remote allocation
|
page execute and read and write
|
||
|
274F000
|
stack
|
page read and write
|
||
|
6AD0000
|
heap
|
page read and write
|
||
|
76E000
|
heap
|
page read and write
|
||
|
365BE000
|
stack
|
page read and write
|
||
|
6B5F000
|
heap
|
page read and write
|
||
|
5F2000
|
unkown
|
page execute read
|
||
|
36130000
|
direct allocation
|
page read and write
|
||
|
36E59000
|
direct allocation
|
page execute and read and write
|
||
|
3682E000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
3638000
|
direct allocation
|
page execute and read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
6B9D000
|
heap
|
page read and write
|
||
|
6AF8000
|
heap
|
page read and write
|
||
|
36CA5000
|
heap
|
page read and write
|
||
|
7238000
|
direct allocation
|
page execute and read and write
|
||
|
590000
|
direct allocation
|
page read and write
|
||
|
6B9D000
|
heap
|
page read and write
|
||
|
4A38000
|
direct allocation
|
page execute and read and write
|
||
|
5E0000
|
direct allocation
|
page read and write
|
||
|
6CAE000
|
stack
|
page read and write
|
||
|
5D0000
|
direct allocation
|
page read and write
|
||
|
71000
|
heap
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
6B58000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
365FD000
|
stack
|
page read and write
|
||
|
46A000
|
unkown
|
page readonly
|
||
|
6B58000
|
heap
|
page read and write
|
||
|
6B60000
|
heap
|
page read and write
|
||
|
6C2E000
|
stack
|
page read and write
|
||
|
6BA0000
|
heap
|
page read and write
|
||
|
36160000
|
direct allocation
|
page read and write
|
||
|
21AE000
|
stack
|
page read and write
|
||
|
2C38000
|
direct allocation
|
page execute and read and write
|
||
|
43F000
|
unkown
|
page read and write
|
||
|
468000
|
unkown
|
page read and write
|
||
|
4038000
|
direct allocation
|
page execute and read and write
|
||
|
2260000
|
heap
|
page read and write
|
||
|
6B9D000
|
heap
|
page read and write
|
||
|
6D30000
|
direct allocation
|
page read and write
|
||
|
580000
|
direct allocation
|
page read and write
|
||
|
6AD4000
|
heap
|
page read and write
|
||
|
36A10000
|
direct allocation
|
page read and write
|
||
|
3618000
|
remote allocation
|
page execute and read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
78B000
|
heap
|
page read and write
|
||
|
36AE9000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5A0000
|
direct allocation
|
page read and write
|
||
|
6B60000
|
heap
|
page read and write
|
||
|
6BA8000
|
heap
|
page read and write
|
||
|
738000
|
heap
|
page read and write
|
||
|
79A000
|
heap
|
page read and write
|
||
|
3674E000
|
stack
|
page read and write
|
||
|
7C38000
|
direct allocation
|
page execute and read and write
|
||
|
4018000
|
remote allocation
|
page execute and read and write
|
||
|
6D50000
|
direct allocation
|
page read and write
|
||
|
5B0000
|
direct allocation
|
page read and write
|
||
|
3686F000
|
stack
|
page read and write
|
||
|
36A10000
|
direct allocation
|
page read and write
|
||
|
3653F000
|
stack
|
page read and write
|
||
|
6B64000
|
heap
|
page read and write
|
||
|
6B60000
|
heap
|
page read and write
|
||
|
6AF0000
|
heap
|
page read and write
|
||
|
2160000
|
heap
|
page read and write
|
||
|
36CA9000
|
heap
|
page read and write
|
||
|
5E4000
|
unkown
|
page execute read
|
||
|
5EC000
|
unkown
|
page execute read
|
||
|
6B4B000
|
heap
|
page read and write
|
||
|
364FE000
|
stack
|
page read and write
|
||
|
6CEF000
|
stack
|
page read and write
|
||
|
367F0000
|
remote allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6B1D000
|
heap
|
page read and write
|
||
|
5EA000
|
unkown
|
page execute read
|
||
|
10005000
|
unkown
|
page readonly
|
||
|
78D000
|
heap
|
page read and write
|
||
|
6B9C000
|
heap
|
page read and write
|
||
|
6818000
|
remote allocation
|
page execute and read and write
|
||
|
36120000
|
direct allocation
|
page read and write
|
||
|
36A10000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
36D1A000
|
heap
|
page read and write
|
There are 174 hidden memdumps, click here to show them.