Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\Users\user\AppData\Local\Temp\is-KP2VF.tmp\_isetup\_setup64.tmp | PE32+ executable (console) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-KP2VF.tmp\idp.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| C:\Users\user\AppData\Local\Temp\is-UPQ01.tmp\file.tmp | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | |
| C:\Users\user\AppData\Local\Temp\is-UPQ01.tmp\file.tmp | "C:\Users\user\AppData\Local\Temp\is-UPQ01.tmp\file.tmp" /SL5="$20406,922170,832512,C:\Users\user\Desktop\file.exe" | |
| C:\Windows\SysWOW64\cmd.exe | "C:\Windows\system32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\is-KP2VF.tmp\geed.bat"" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
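The process table is the most useful part of this report for triage: a 32-bit Inno Setup installer unpacks its setup program into one `is-XXXXX.tmp` directory and runs it with the loader's `/SL5` argument, the setup program extracts its run-time files (the `_isetup\_setup64.tmp` helper and `idp.dll` from the Files table) into a second `is-XXXXX.tmp` directory, and from there `cmd.exe` is launched on `geed.bat`. The batch file itself is not in the dropped-files list, so its contents are not available from this report. The script below is an added example, not part of the sandbox output: it reads the four records above (constructed from the table; the report prints no parent column, so launch order is taken as the chain), picks out the second stage and the batch file, and lists the temp directories involved. The reading of `/SL5` as `$<loader window handle>,<offset0>,<offset1>,<source exe>` is an assumption about Inno Setup's loader convention, and the "batch-from-installer-temp" tag only means the script is worth opening, not that it is malicious.

```python
import re
from typing import NamedTuple


class Proc(NamedTuple):
    path: str
    cmdline: str


# Constructed from the Processes table above, in launch order (the report
# prints no parent column, so the chain is read as launch order).
PROCESSES = [
    Proc(r"C:\Users\user\Desktop\file.exe",
         r'"C:\Users\user\Desktop\file.exe"'),
    Proc(r"C:\Users\user\AppData\Local\Temp\is-UPQ01.tmp\file.tmp",
         r'"C:\Users\user\AppData\Local\Temp\is-UPQ01.tmp\file.tmp" '
         r'/SL5="$20406,922170,832512,C:\Users\user\Desktop\file.exe"'),
    Proc(r"C:\Windows\SysWOW64\cmd.exe",
         r'"C:\Windows\system32\cmd.exe" /C ""C:\Users\user\AppData\Local\Temp\is-KP2VF.tmp\geed.bat""'),
    Proc(r"C:\Windows\System32\conhost.exe",
         r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
]

# Inno Setup stages everything under %TEMP%\is-XXXXX.tmp\ (five upper-case
# alphanumerics); one such directory holds the unpacked setup program,
# another the files it extracts while running.
INNO_TMP = re.compile(r"\\AppData\\Local\\Temp\\(is-[A-Z0-9]{5}\.tmp)\\", re.I)
# /SL5="$<loader window handle, hex>,<offset0>,<offset1>,<source exe>"
# (assumed reading of Inno Setup's loader argument, see lead-in)
SL5 = re.compile(r'/SL5="\$([0-9A-Fa-f]+),(\d+),(\d+),([^"]+)"')
# cmd.exe /C ""<path>.bat""  (both the command and the path are quoted)
BATCH = re.compile(r'/C\s+"*([^"]+?\.(?:bat|cmd))"*', re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(processes):
    """Return (launch chain, Inno temp dirs seen, findings)."""
    findings, temp_dirs = [], set()
    for p in processes:
        for m in INNO_TMP.finditer(p.path + " " + p.cmdline):
            temp_dirs.add(m.group(1))
        sl5 = SL5.search(p.cmdline)
        if sl5:  # second stage of an Inno Setup installer
            findings.append({
                "tag": "inno-setup-stage2",
                "process": p.path,
                "source_exe": sl5.group(4),  # the installer that unpacked this stage
                "loader_hwnd": int(sl5.group(1), 16),
                "offsets": (int(sl5.group(2)), int(sl5.group(3))),
            })
        if basename(p.path) == "cmd.exe":
            b = BATCH.search(p.cmdline)
            if b:
                script = b.group(1)
                staged = bool(INNO_TMP.search(script))
                findings.append({
                    # a script run out of the installer's own temp dir:
                    # open it before calling the sample either way
                    "tag": "batch-from-installer-temp" if staged else "batch",
                    "process": p.path,
                    "script": script,
                })
    chain = " -> ".join(basename(p.path) for p in processes)
    return chain, sorted(temp_dirs), findings


if __name__ == "__main__":
    chain, dirs, found = triage(PROCESSES)
    print(chain)
    print("Inno temp dirs:", dirs)
    for f in found:
        print(f)
```

The `conhost.exe ... -ForceV1` entry is the normal console host for a console process such as `cmd.exe` and is deliberately not reported. The two temp directories the script returns, `is-UPQ01.tmp` (setup program) and `is-KP2VF.tmp` (extracted files and the batch file), are where the dropped files should be collected from if the sandbox run is repeated with file capture.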
URLs

| Name | IP | Malicious |
|---|---|---|
| https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU | unknown | |
| https://pleasuresky.xyz/osoft | unknown | |
| https://pleasuresky.xyz/pe/start/index.php?a=2927&p=4143&t=51166691l | unknown | |
| https://pleasuresky.xyz/pe/start/index.php?a=2927&p=4143&t=51166691D4 | unknown | |
| https://pleasuresky.xyz/pe/start/index.php?a=2927&p=4143&t=51166691Authority | unknown | |
| https://www.remobjects.com/ps | unknown | |
| https://www.innosetup.com/ | unknown | |
| https://pleasuresky.xyz/ | unknown | |
| https://pleasuresky.xyz/pe/start/index.php?a=2927&p=4143&t=511666918 | unknown | |
| https://pleasuresky.xyz/pe/start/index.php?a=2927&p=4143&t=51166691yv | unknown | |
| https://pleasuresky.xyz/e | unknown | |
| http://bitbucket.org/mitrich_k/inno-download-plugin | unknown | |
| https://pleasuresky.xyz/pe/start/index.php?a=2927&p=4143&t=51166691 | 104.21.29.144 | |
| http://mitrichsoftware.wordpress.comB | unknown | |

4 further URLs are not shown.
Domains

| Name | IP | Malicious |
|---|---|---|
| pleasuresky.xyz | 104.21.29.144 | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 104.21.29.144 | pleasuresky.xyz | United States | |
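Most of the URL rows above are not network activity but strings carved from memory: the five variants of the `pleasuresky.xyz/pe/start/index.php?...t=51166691` URL differ only in a few trailing characters (`l`, `D4`, `Authority`, `8`, `yv`) that belong to whatever string happened to follow the URL in memory, and only the clean form resolved to an address. The script below is an added example, not part of the report. It folds those variants into the canonical URL, groups the result by host and separates hosts that were actually resolved from hosts that are static strings in the installer toolchain. The input lists are constructed from the URLs and IPs tables. The toolchain allowlist is an assumption of this example: jrsoftware.org and innosetup.com are Inno Setup's own sites, remobjects.com/ps is RemObjects PascalScript (the scripting engine compiled into Inno Setup), and the bitbucket.org and wordpress.com entries belong to the Inno Download Plugin whose `idp.dll` appears under Files.

```python
from urllib.parse import urlsplit

# Constructed from the URLs table above: (url, resolved IP or None)
URLS = [
    ("https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU", None),
    ("https://pleasuresky.xyz/osoft", None),
    ("https://pleasuresky.xyz/pe/start/index.php?a=2927&p=4143&t=51166691l", None),
    ("https://pleasuresky.xyz/pe/start/index.php?a=2927&p=4143&t=51166691D4", None),
    ("https://pleasuresky.xyz/pe/start/index.php?a=2927&p=4143&t=51166691Authority", None),
    ("https://www.remobjects.com/ps", None),
    ("https://www.innosetup.com/", None),
    ("https://pleasuresky.xyz/", None),
    ("https://pleasuresky.xyz/pe/start/index.php?a=2927&p=4143&t=511666918", None),
    ("https://pleasuresky.xyz/pe/start/index.php?a=2927&p=4143&t=51166691yv", None),
    ("https://pleasuresky.xyz/e", None),
    ("http://bitbucket.org/mitrich_k/inno-download-plugin", None),
    ("https://pleasuresky.xyz/pe/start/index.php?a=2927&p=4143&t=51166691", "104.21.29.144"),
    ("http://mitrichsoftware.wordpress.comB", None),
]
# Constructed from the IPs table above
IP_COUNTRY = {"104.21.29.144": "United States"}

# Assumed allowlist: hosts embedded as static strings in Inno Setup,
# RemObjects PascalScript and Inno Download Plugin binaries (see lead-in).
TOOLCHAIN_HOSTS = ("jrsoftware.org", "www.innosetup.com", "www.remobjects.com",
                   "bitbucket.org", "mitrichsoftware.wordpress.com")


def fold_variants(urls):
    """Map each URL to its canonical form. A URL is folded into a shorter URL
    from the same list when the shorter one carries a query string and the
    extra tail is a short run of alphanumerics: that is the shape memory
    string carving produces when a URL sits next to another string."""
    names = sorted({u for u, _ in urls}, key=len)
    canon = {}
    for u in names:
        base = u
        for shorter in names:
            if len(shorter) >= len(u):
                break
            tail = u[len(shorter):]
            if (u.startswith(shorter) and "?" in shorter
                    and tail.isalnum() and len(tail) <= 12):
                base = shorter
                break
        canon[u] = base
    return canon


def classify(urls, ip_country):
    """Group canonical URLs by host and label each host."""
    canon = fold_variants(urls)
    hosts = {}
    for u, ip in urls:
        host = urlsplit(u).hostname or ""
        entry = hosts.setdefault(host, {"urls": set(), "ip": None, "label": None})
        entry["urls"].add(canon[u])
        if ip:
            entry["ip"] = ip
    for host, entry in hosts.items():
        # prefix match tolerates carving noise such as "...wordpress.comB"
        if any(host.startswith(t) for t in TOOLCHAIN_HOSTS):
            entry["label"] = "toolchain-string"
        elif entry["ip"]:
            entry["label"] = "contacted"
            entry["country"] = ip_country.get(entry["ip"])
        else:
            entry["label"] = "unresolved"
    return hosts


def blocklist(hosts):
    """Domain indicators worth blocking: only hosts the sample resolved."""
    return sorted(h for h, e in hosts.items() if e["label"] == "contacted")


if __name__ == "__main__":
    hosts = classify(URLS, IP_COUNTRY)
    for host, entry in sorted(hosts.items()):
        print(host, entry["label"], entry["ip"], sorted(entry["urls"]))
    print("block:", blocklist(hosts))
```

Two caveats when using the output. The `jrsoftware.org/...setupcmdlineSetupU` row is the same kind of carving artifact (the real help URL ends at `setupcmdline`), but since the clean form is not in the table the script leaves it untouched rather than guess. And 104.21.29.144 lies in Cloudflare's address space (a fact outside this report), so the usable indicator is the domain `pleasuresky.xyz` and its `/pe/start/index.php?a=...&p=...&t=...` path shape, not the IP.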
Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | Owner | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | SessionHash | |
| HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000 | Sequence | |
Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 34BA000 | direct allocation | page read and write | |
| 34A0000 | heap | page read and write | |
| 6D1000 | unknown | page read and write | |
| 2222000 | direct allocation | page read and write | |
| 22A5000 | direct allocation | page read and write | |
| 6CE000 | unknown | page read and write | |
| 7FE35000 | direct allocation | page read and write | |
| C92000 | direct allocation | page read and write | |
| 401000 | unknown | page execute read | |
| C4A000 | direct allocation | page read and write | |
| D33000 | direct allocation | page read and write | |
| 999000 | heap | page read and write | |
| 8F0000 | heap | page read and write | |
| 2279000 | direct allocation | page read and write | |
| 865000 | heap | page read and write | |
| CBD000 | direct allocation | page read and write | |
| C58000 | direct allocation | page read and write | |
| 5FE000 | stack | page read and write | |
| C5F000 | direct allocation | page read and write | |
| 9B1000 | heap | page read and write | |
| 4700000 | remote allocation | page read and write | |
| 436F000 | stack | page read and write | |
| 6DE000 | unknown | page readonly | |
| 910000 | heap | page read and write | |
| 9B7000 | heap | page read and write | |
| 22C2000 | direct allocation | page read and write | |
| 2321000 | direct allocation | page read and write | |
| 9C2000 | heap | page read and write | |
| 99B000 | heap | page read and write | |
| 2246000 | direct allocation | page read and write | |
| 352C000 | stack | page read and write | |
| 4C4000 | unknown | page readonly | |
| 999000 | heap | page read and write | |
| 401000 | unknown | page execute read | |
| 2297000 | direct allocation | page read and write | |
| 3620000 | heap | page read and write | |
| 9A2000 | heap | page read and write | |
| 720000 | heap | page read and write | |
| 2313000 | direct allocation | page read and write | |
| 996000 | heap | page read and write | |
| 9C8000 | heap | page read and write | |
| 975000 | heap | page read and write | |
| 860000 | heap | page read and write | |
| 970000 | heap | page read and write | |
| CD4000 | direct allocation | page read and write | |
| C10000 | direct allocation | page read and write | |
| 9C2000 | heap | page read and write | |
| 26A3000 | heap | page read and write | |
| 6C0000 | heap | page read and write | |
| 9D6000 | heap | page read and write | |
| 230C000 | direct allocation | page read and write | |
| 9A7000 | heap | page read and write | |
| 2682000 | direct allocation | page read and write | |
| 9D5000 | heap | page read and write | |
| 2680000 | direct allocation | page read and write | |
| 8AE000 | stack | page read and write | |
| 94F000 | stack | page read and write | |
| C18000 | direct allocation | page read and write | |
| 45EE000 | stack | page read and write | |
| 63E000 | stack | page read and write | |
| 22D1000 | direct allocation | page read and write | |
| 9CE000 | heap | page read and write | |
| 37C7000 | direct allocation | page read and write | |
| CF1000 | direct allocation | page read and write | |
| 2570000 | direct allocation | page read and write | |
| 22AC000 | direct allocation | page read and write | |
| 995000 | heap | page read and write | |
| 9CB000 | heap | page read and write | |
| 2668000 | direct allocation | page read and write | |
| CAC000 | direct allocation | page read and write | |
| 9A4000 | heap | page read and write | |
| 4B9000 | unknown | page read and write | |
| 680000 | heap | page read and write | |
| 9C6000 | heap | page read and write | |
| 18F000 | stack | page read and write | |
| 9D5000 | heap | page read and write | |
| 37A9000 | direct allocation | page read and write | |
| 9B1000 | heap | page read and write | |
| C0F000 | stack | page read and write | |
| CE2000 | direct allocation | page read and write | |
| 19D000 | stack | page read and write | |
| 37BD000 | direct allocation | page read and write | |
| 22EF000 | direct allocation | page read and write | |
| 99000 | stack | page read and write | |
| 416D000 | stack | page read and write | |
| 9B4000 | heap | page read and write | |
| 34B1000 | direct allocation | page read and write | |
| 976000 | heap | page read and write | |
| 758000 | heap | page read and write | |
| 6E0000 | unknown | page readonly | |
| 400000 | unknown | page readonly | |
| 231A000 | direct allocation | page read and write | |
| 6D9000 | unknown | page write copy | |
| 9DC000 | heap | page read and write | |
| D99000 | heap | page read and write | |
| CCD000 | direct allocation | page read and write | |
| 2287000 | direct allocation | page read and write | |
| 225C000 | direct allocation | page read and write | |
| 9C6000 | heap | page read and write | |
| CAF000 | direct allocation | page read and write | |
| CA0000 | direct allocation | page read and write | |
| 366E000 | stack | page read and write | |
| 9D8000 | heap | page read and write | |
| 97C000 | heap | page read and write | |
| 710000 | heap | page read and write | |
| 44AE000 | stack | page read and write | |
| 9C8000 | heap | page read and write | |
| 37B1000 | direct allocation | page read and write | |
| 2238000 | direct allocation | page read and write | |
| 2280000 | direct allocation | page read and write | |
| D95000 | heap | page read and write | |
| D90000 | heap | page read and write | |
| 45AE000 | stack | page read and write | |
| 83E000 | stack | page read and write | |
| 473E000 | stack | page read and write | |
| 999000 | heap | page read and write | |
| C8B000 | direct allocation | page read and write | |
| 9B3000 | heap | page read and write | |
| 229E000 | direct allocation | page read and write | |
| C43000 | direct allocation | page read and write | |
| 2263000 | direct allocation | page read and write | |
| 2328000 | direct allocation | page read and write | |
| D0F000 | direct allocation | page read and write | |
| CDB000 | direct allocation | page read and write | |
| 2290000 | direct allocation | page read and write | |
| 46EF000 | stack | page read and write | |
| 22E8000 | direct allocation | page read and write | |
| 2570000 | direct allocation | page read and write | |
| A4F000 | stack | page read and write | |
| 3870000 | direct allocation | page read and write | |
| 4700000 | remote allocation | page read and write | |
| D2C000 | direct allocation | page read and write | |
| 2272000 | direct allocation | page read and write | |
| 34A0000 | direct allocation | page read and write | |
| 9CE000 | heap | page read and write | |
| 4C2000 | unknown | page write copy | |
| 2680000 | direct allocation | page read and write | |
| 703000 | unknown | page readonly | |
| D80000 | heap | page read and write | |
| 26A0000 | heap | page read and write | |
| 4B7000 | unknown | page write copy | |
| 35CE000 | stack | page read and write | |
| 4B7000 | unknown | page read and write | |
| D41000 | direct allocation | page read and write | |
| 3625000 | heap | page read and write | |
| 996000 | heap | page read and write | |
| 9AD000 | heap | page read and write | |
| 22F6000 | direct allocation | page read and write | |
| 918000 | heap | page read and write | |
| 34D6000 | direct allocation | page read and write | |
| D24000 | direct allocation | page read and write | |
| D3A000 | direct allocation | page read and write | |
| 220A000 | direct allocation | page read and write | |
| 2255000 | direct allocation | page read and write | |
| 9BE000 | heap | page read and write | |
| CEA000 | direct allocation | page read and write | |
| 995000 | heap | page read and write | |
| 6A0000 | heap | page read and write | |
| 446F000 | stack | page read and write | |
| 9A2000 | heap | page read and write | |
| 4E0000 | heap | page read and write | |
| 640000 | heap | page read and write | |
| 6D6000 | unknown | page read and write | |
| 34C0000 | direct allocation | page read and write | |
| 426D000 | stack | page read and write | |
| 9C6000 | heap | page read and write | |
| 750000 | heap | page read and write | |
| 982000 | heap | page read and write | |
| 99B000 | heap | page read and write | |
| 999000 | heap | page read and write | |
| 982000 | heap | page read and write | |
| 9DC000 | heap | page read and write | |
| 9AD000 | heap | page read and write | |
| 22D8000 | direct allocation | page read and write | |
| 99E000 | heap | page read and write | |
| 9CE000 | heap | page read and write | |
| 840000 | heap | page read and write | |
| D08000 | direct allocation | page read and write | |
| 6C7000 | unknown | page write copy | |
| C51000 | direct allocation | page read and write | |
| 356E000 | stack | page read and write | |
| D1D000 | direct allocation | page read and write | |
| 9B000 | stack | page read and write | |
| 400000 | unknown | page readonly | |
| CB6000 | direct allocation | page read and write | |
| 3799000 | direct allocation | page read and write | |
| 9B0000 | heap | page read and write | |
| 9A9000 | heap | page read and write | |
| C1B000 | direct allocation | page read and write | |
| 9CB000 | heap | page read and write | |
| 9AC000 | heap | page read and write | |
| 2304000 | direct allocation | page read and write | |
| 986000 | heap | page read and write | |
| 9C2000 | heap | page read and write | |
| 224E000 | direct allocation | page read and write | |
| 4700000 | remote allocation | page read and write | |
| 99E000 | heap | page read and write | |
| 9A4000 | heap | page read and write | |
| B0F000 | stack | page read and write | |
| C99000 | direct allocation | page read and write | |
| 4C0000 | unknown | page read and write | |
| 9CB000 | heap | page read and write | |
| 6C7000 | unknown | page read and write | |
| 99F000 | heap | page read and write | |
| C66000 | direct allocation | page read and write | |
| C6E000 | direct allocation | page read and write | |
| CC4000 | direct allocation | page read and write | |
| D16000 | direct allocation | page read and write | |
| 2231000 | direct allocation | page read and write | |
| 999000 | heap | page read and write | |
| C3B000 | direct allocation | page read and write | |
| 22FD000 | direct allocation | page read and write | |
| 7FB40000 | direct allocation | page read and write | |
| 2CA0000 | trusted library allocation | page read and write | |
| 34E0000 | heap | page read and write | |
| 9D5000 | heap | page read and write | |
| 483F000 | stack | page read and write | |
| 34C3000 | direct allocation | page read and write | |
| 9A2000 | heap | page read and write | |
| 900000 | direct allocation | page execute and read and write | |
| 226A000 | direct allocation | page read and write | |
| 9A4000 | heap | page read and write | |
| 222A000 | direct allocation | page read and write | |
| 223F000 | direct allocation | page read and write | |
| 6C9000 | unknown | page read and write | |
| D48000 | direct allocation | page read and write | |
| 9C8000 | heap | page read and write | |
| 3870000 | heap | page read and write | |
| 4C6000 | unknown | page readonly | |

219 further memdumps are not shown.
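Almost every row in the memdump table is an ordinary read/write heap, stack or direct allocation, so the useful first pass is to pull out the few regions that stand out: the one region that is both writable and executable (`900000`, a direct allocation with `page execute and read and write`, which is where unpacked or self-modifying code would sit) and the region tagged `remote allocation` (`4700000`, memory committed into the process from outside it, dumped three times). The parser and filter below are an added example, not part of the report. The embedded rows are a constructed excerpt of the table above in the report's own row format (the 219 hidden rows are not available here), and treating RWX regions and remote allocations as the first things to open is this example's own prioritisation; the report itself marks none of the regions malicious.

```python
import re
from collections import Counter

# Constructed excerpt of the Memdumps table above, in the report's row format.
MEMDUMPS = """
| 34BA000 | direct allocation | page read and write | |
| 401000 | unknown | page execute read | |
| 4700000 | remote allocation | page read and write | |
| 400000 | unknown | page readonly | |
| 4700000 | remote allocation | page read and write | |
| 2CA0000 | trusted library allocation | page read and write | |
| 900000 | direct allocation | page execute and read and write | |
| 4700000 | remote allocation | page read and write | |
| 999000 | heap | page read and write | |
| 999000 | heap | page read and write | |
| 6C7000 | unknown | page write copy | |
"""

# | <hex base> | <region type> | <protection> | <malicious flag, may be empty> |
ROW = re.compile(
    r"^\|\s*([0-9A-Fa-f]+)\s*\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|\s*([^|]*?)\s*\|$")


def parse(table: str):
    """Parse table rows; lines that are not data rows (headers, rules) are skipped."""
    rows = []
    for line in table.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        base, kind, protect, malicious = m.groups()
        rows.append({"base": int(base, 16), "type": kind, "protect": protect,
                     "malicious": bool(malicious)})
    return rows


def prioritise(rows):
    """Return (flagged regions, dump count per base address).

    A region is flagged when its protection is both executable and writable
    ("rwx") or when its type is "remote allocation". Identical rows are
    reported once; the dump count shows how often the sandbox re-captured
    the same base, which is a hint that its contents changed over the run.
    """
    counts = Counter(r["base"] for r in rows)
    flagged, seen = [], set()
    for r in rows:
        key = (r["base"], r["type"], r["protect"])
        if key in seen:
            continue
        seen.add(key)
        executable = "execute" in r["protect"]
        writable = "write" in r["protect"]
        reasons = []
        if executable and writable:
            reasons.append("rwx")
        if r["type"] == "remote allocation":
            reasons.append("remote allocation")
        if reasons:
            flagged.append({**r, "reasons": reasons, "dumps": counts[r["base"]]})
    return flagged, counts


if __name__ == "__main__":
    parsed = parse(MEMDUMPS)
    hits, _ = prioritise(parsed)
    for h in hits:
        print(f"{h['base']:08X} {h['type']:<20} {h['protect']:<32} "
              f"{','.join(h['reasons'])} (dumped {h['dumps']}x)")
```

Run over the visible rows this yields exactly two regions to open first: `04700000` (remote allocation, dumped three times) and `00900000` (rwx). The `400000` read-only / `401000` execute-read pair is consistent with the PE header and `.text` of a 32-bit image at its default base, so "unknown" regions with execute protection are not flagged on their own; a region that is executable and writable at the same time, or that was written into the process by another process, is the one that needs a look regardless of what it is backed by.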