Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
rTransferenciarealizada451236.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\nso93F1.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\entomostraca\nonmissionary\Anklages.bod
|
data
|
dropped
|
||
|
C:\Users\user\entomostraca\nonmissionary\Sjipnings.Bou
|
ASCII text, with very long lines (65536), with no line terminators
|
dropped
|
||
|
C:\Users\user\entomostraca\nonmissionary\Sprechstallmeisters\beggarliness.rab
|
data
|
dropped
|
||
|
C:\Users\user\entomostraca\nonmissionary\Sprechstallmeisters\besindelse.del
|
data
|
dropped
|
||
|
C:\Users\user\entomostraca\nonmissionary\Sprechstallmeisters\bevidsthedsudvidelsen.und
|
data
|
dropped
|
||
|
C:\Users\user\entomostraca\nonmissionary\Sprechstallmeisters\phonetism.ham
|
DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration:
offset 0.000000, slope 8192.000000
|
dropped
|
||
|
C:\Users\user\entomostraca\nonmissionary\Sprechstallmeisters\skovtursstemningernes.and
|
data
|
dropped
|
||
|
C:\Users\user\entomostraca\nonmissionary\Sprechstallmeisters\telcontar.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\entomostraca\nonmissionary\Windsorstols.Amb
|
data
|
dropped
|
||
|
C:\Users\user\entomostraca\nonmissionary\ankomsttidernes.obs
|
DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration:
offset 0.000000, slope 8637644800.000000
|
dropped
|
||
|
C:\Windows\Resources\nringsmiddelet.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\rTransferenciarealizada451236.exe
|
"C:\Users\user\Desktop\rTransferenciarealizada451236.exe"
|
|
|
|
C:\Users\user\Desktop\rTransferenciarealizada451236.exe
|
"C:\Users\user\Desktop\rTransferenciarealizada451236.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
|
unknown
|
||
|
https://www.google.com
|
unknown
|
||
|
http://www.ftp.ftp://ftp.gopher.
|
unknown
|
||
|
https://drive.usercontent.google.com/
|
unknown
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
|
unknown
|
||
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
https://apis.google.com
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://drive.google.com/
|
unknown
|
||
|
https://drive.usercontent.google.com/d
|
unknown
|
||
|
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
drive.google.com
|
142.250.186.142
|
||
|
drive.usercontent.google.com
|
142.250.185.193
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
142.250.185.193
|
drive.usercontent.google.com
|
United States
|
||
|
142.250.186.142
|
drive.google.com
|
United States
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3B5D000
|
direct allocation
|
page execute and read and write
|
|
|
|
6F0000
|
direct allocation
|
page read and write
|
||
|
5C0000
|
direct allocation
|
page read and write
|
||
|
3AC8000
|
heap
|
page read and write
|
||
|
3A65000
|
heap
|
page read and write
|
||
|
3C0D000
|
stack
|
page read and write
|
||
|
443000
|
unkown
|
page readonly
|
||
|
5B0000
|
direct allocation
|
page read and write
|
||
|
3388C000
|
heap
|
page read and write
|
||
|
3A73000
|
heap
|
page read and write
|
||
|
70000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
33AC0000
|
direct allocation
|
page execute and read and write
|
||
|
33913000
|
heap
|
page read and write
|
||
|
211E000
|
stack
|
page read and write
|
||
|
3A75000
|
heap
|
page read and write
|
||
|
710000
|
direct allocation
|
page read and write
|
||
|
39B0000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
403000
|
unkown
|
page write copy
|
||
|
5E8000
|
unkown
|
page write copy
|
||
|
3AD0000
|
heap
|
page read and write
|
||
|
5E4000
|
unkown
|
page write copy
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
25DE000
|
stack
|
page read and write
|
||
|
3A7F000
|
heap
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
3050000
|
direct allocation
|
page execute and read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
216D000
|
remote allocation
|
page execute and read and write
|
||
|
38A7000
|
heap
|
page read and write
|
||
|
490000
|
direct allocation
|
page read and write
|
||
|
3A77000
|
heap
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
3AC8000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
4F5D000
|
direct allocation
|
page execute and read and write
|
||
|
440000
|
unkown
|
page read and write
|
||
|
5EE000
|
unkown
|
page write copy
|
||
|
3AD0000
|
heap
|
page read and write
|
||
|
3A7F000
|
heap
|
page read and write
|
||
|
33C5E000
|
direct allocation
|
page execute and read and write
|
||
|
39E0000
|
direct allocation
|
page read and write
|
||
|
39F0000
|
direct allocation
|
page read and write
|
||
|
628000
|
heap
|
page read and write
|
||
|
4B0000
|
direct allocation
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
3980000
|
direct allocation
|
page read and write
|
||
|
3A65000
|
heap
|
page read and write
|
||
|
3A8B000
|
heap
|
page read and write
|
||
|
3A8B000
|
heap
|
page read and write
|
||
|
3A6F000
|
heap
|
page read and write
|
||
|
3A73000
|
heap
|
page read and write
|
||
|
3A6F000
|
heap
|
page read and write
|
||
|
5D0000
|
direct allocation
|
page read and write
|
||
|
2733000
|
heap
|
page read and write
|
||
|
443000
|
unkown
|
page readonly
|
||
|
2F60000
|
heap
|
page read and write
|
||
|
626000
|
unkown
|
page write copy
|
||
|
3A18000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
315D000
|
direct allocation
|
page execute and read and write
|
||
|
273A000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
3A86000
|
heap
|
page read and write
|
||
|
443000
|
unkown
|
page readonly
|
||
|
5E6000
|
unkown
|
page write copy
|
||
|
3A00000
|
direct allocation
|
page read and write
|
||
|
221F000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
26DF000
|
stack
|
page read and write
|
||
|
3A86000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page read and write
|
||
|
5E8000
|
heap
|
page read and write
|
||
|
33590000
|
remote allocation
|
page read and write
|
||
|
3A67000
|
heap
|
page read and write
|
||
|
33769000
|
heap
|
page read and write
|
||
|
3B10000
|
direct allocation
|
page read and write
|
||
|
6E0000
|
direct allocation
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
3C60000
|
heap
|
page read and write
|
||
|
33E02000
|
direct allocation
|
page execute and read and write
|
||
|
5EA000
|
unkown
|
page write copy
|
||
|
20C0000
|
heap
|
page read and write
|
||
|
4C5000
|
heap
|
page read and write
|
||
|
5F2000
|
unkown
|
page write copy
|
||
|
33590000
|
remote allocation
|
page read and write
|
||
|
71000
|
heap
|
page read and write
|
||
|
3360F000
|
stack
|
page read and write
|
||
|
4A0000
|
direct allocation
|
page read and write
|
||
|
3A75000
|
heap
|
page read and write
|
||
|
2731000
|
heap
|
page read and write
|
||
|
3A7F000
|
heap
|
page read and write
|
||
|
436000
|
unkown
|
page read and write
|
||
|
3A88000
|
heap
|
page read and write
|
||
|
3A55000
|
heap
|
page read and write
|
||
|
2B6D000
|
remote allocation
|
page execute and read and write
|
||
|
3A86000
|
heap
|
page read and write
|
||
|
335CE000
|
stack
|
page read and write
|
||
|
33D8D000
|
direct allocation
|
page execute and read and write
|
||
|
33AB1000
|
heap
|
page read and write
|
||
|
5A0000
|
direct allocation
|
page read and write
|
||
|
3B30000
|
direct allocation
|
page read and write
|
||
|
2F5F000
|
heap
|
page read and write
|
||
|
176D000
|
remote allocation
|
page execute and read and write
|
||
|
273B000
|
heap
|
page read and write
|
||
|
3AC8000
|
heap
|
page read and write
|
||
|
273E000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3A73000
|
heap
|
page read and write
|
||
|
2730000
|
heap
|
page read and write
|
||
|
3A8B000
|
heap
|
page read and write
|
||
|
3A77000
|
heap
|
page read and write
|
||
|
2F5F000
|
heap
|
page read and write
|
||
|
17A000
|
stack
|
page read and write
|
||
|
3A77000
|
heap
|
page read and write
|
||
|
1049000
|
unkown
|
page write copy
|
||
|
429000
|
unkown
|
page read and write
|
||
|
3A10000
|
heap
|
page read and write
|
||
|
61F000
|
heap
|
page read and write
|
||
|
3A8B000
|
heap
|
page read and write
|
||
|
3347F000
|
stack
|
page read and write
|
||
|
3770000
|
heap
|
page read and write
|
||
|
3A88000
|
heap
|
page read and write
|
||
|
649000
|
unkown
|
page write copy
|
||
|
2250000
|
heap
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
2739000
|
heap
|
page read and write
|
||
|
455D000
|
direct allocation
|
page execute and read and write
|
||
|
3A88000
|
heap
|
page read and write
|
||
|
3B20000
|
direct allocation
|
page read and write
|
||
|
3990000
|
direct allocation
|
page read and write
|
||
|
170000
|
direct allocation
|
page read and write
|
||
|
3A6F000
|
heap
|
page read and write
|
||
|
1660000
|
remote allocation
|
page execute and read and write
|
||
|
5EC000
|
unkown
|
page write copy
|
||
|
43A000
|
unkown
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
39A0000
|
direct allocation
|
page read and write
|
||
|
433000
|
unkown
|
page read and write
|
||
|
356D000
|
remote allocation
|
page execute and read and write
|
||
|
3AC8000
|
heap
|
page read and write
|
||
|
480000
|
direct allocation
|
page read and write
|
||
|
33D91000
|
direct allocation
|
page execute and read and write
|
||
|
39C0000
|
direct allocation
|
page read and write
|
||
|
10005000
|
unkown
|
page readonly
|
||
|
39D0000
|
direct allocation
|
page read and write
|
||
|
33490000
|
heap
|
page read and write
|
||
|
33A3C000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2738000
|
heap
|
page read and write
|
||
|
33A40000
|
heap
|
page read and write
|
||
|
3343E000
|
stack
|
page read and write
|
||
|
38A5000
|
heap
|
page read and write
|
||
|
700000
|
direct allocation
|
page read and write
|
||
|
33BED000
|
direct allocation
|
page execute and read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
38A0000
|
heap
|
page read and write
|
||
|
33BE9000
|
direct allocation
|
page execute and read and write
|
||
|
3890000
|
heap
|
page read and write
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
3A75000
|
heap
|
page read and write
|
||
|
2734000
|
heap
|
page read and write
|
||
|
3AD0000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
33590000
|
remote allocation
|
page read and write
|
||
|
5F0000
|
unkown
|
page write copy
|
||
|
3C4D000
|
stack
|
page read and write
|
There are 162 hidden memdumps, click here to show them.