Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\is-L4NFS.tmp\ISDone.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-L4NFS.tmp\QIcon.ico
|
MS Windows icon resource - 5 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel,
48x48, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-L4NFS.tmp\UIcon.ico
|
MS Windows icon resource - 5 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel,
48x48, 32 bits/pixel
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-L4NFS.tmp\WinTB.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-L4NFS.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-L4NFS.tmp\_isetup\_shfoldr.dll
|
PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-L4NFS.tmp\idp.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-L4NFS.tmp\image.bmp
|
PC bitmap, Windows 3.x format, 600 x 300 x 24, image size 540002, resolution 11811 x 11811 px/m, cbSize 540056, bits offset
54
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-U98SO.tmp\Setup.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Setup.exe
|
"C:\Users\user\Desktop\Setup.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\is-U98SO.tmp\Setup.tmp
|
"C:\Users\user\AppData\Local\Temp\is-U98SO.tmp\Setup.tmp" /SL5="$2046C,4323117,283648,C:\Users\user\Desktop\Setup.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.innosetup.com/
|
unknown
|
||
|
http://restools.hanzify.org/
|
unknown
|
||
|
http://bitbucket.org/mitrich_k/inno-download-plugin
|
unknown
|
||
|
http://www.remobjects.com/ps
|
unknown
|
||
|
https://aka.ms/vs/16/release/vc_redist.x64.exe
|
unknown
|
||
|
http://mitrichsoftware.wordpress.comB
|
unknown
|
||
|
http://www.dk-soft.org/
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
36C8000
|
direct allocation
|
page read and write
|
||
|
2338000
|
direct allocation
|
page read and write
|
||
|
2331000
|
direct allocation
|
page read and write
|
||
|
32E1000
|
unkown
|
page execute read
|
||
|
41E000
|
unkown
|
page write copy
|
||
|
32D4000
|
unkown
|
page read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
227F000
|
direct allocation
|
page read and write
|
||
|
935000
|
heap
|
page read and write
|
||
|
2230000
|
direct allocation
|
page read and write
|
||
|
3326000
|
unkown
|
page write copy
|
||
|
2251000
|
direct allocation
|
page read and write
|
||
|
3740000
|
direct allocation
|
page read and write
|
||
|
233F000
|
direct allocation
|
page read and write
|
||
|
223E000
|
direct allocation
|
page read and write
|
||
|
228D000
|
direct allocation
|
page read and write
|
||
|
227C000
|
direct allocation
|
page read and write
|
||
|
2298000
|
direct allocation
|
page read and write
|
||
|
3260000
|
direct allocation
|
page read and write
|
||
|
2235000
|
heap
|
page read and write
|
||
|
417000
|
unkown
|
page write copy
|
||
|
229D000
|
direct allocation
|
page read and write
|
||
|
2480000
|
direct allocation
|
page read and write
|
||
|
34F8000
|
direct allocation
|
page read and write
|
||
|
480000
|
heap
|
page read and write
|
||
|
334D000
|
unkown
|
page read and write
|
||
|
92E000
|
heap
|
page read and write
|
||
|
3301000
|
unkown
|
page write copy
|
||
|
22A6000
|
direct allocation
|
page read and write
|
||
|
34A5000
|
direct allocation
|
page read and write
|
||
|
34C3000
|
direct allocation
|
page read and write
|
||
|
2606000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
680000
|
heap
|
page read and write
|
||
|
2240000
|
direct allocation
|
page read and write
|
||
|
2296000
|
direct allocation
|
page read and write
|
||
|
22DD000
|
direct allocation
|
page read and write
|
||
|
32D8000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
22E8000
|
direct allocation
|
page read and write
|
||
|
2306000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
1381E000
|
stack
|
page read and write
|
||
|
2239000
|
heap
|
page read and write
|
||
|
7FCC0000
|
direct allocation
|
page read and write
|
||
|
230D000
|
direct allocation
|
page read and write
|
||
|
2270000
|
direct allocation
|
page read and write
|
||
|
25D3000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
8CE000
|
heap
|
page read and write
|
||
|
2218000
|
direct allocation
|
page read and write
|
||
|
2570000
|
direct allocation
|
page read and write
|
||
|
7FE42000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3532000
|
direct allocation
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
34B3000
|
direct allocation
|
page read and write
|
||
|
58D000
|
unkown
|
page readonly
|
||
|
933000
|
heap
|
page read and write
|
||
|
2283000
|
direct allocation
|
page read and write
|
||
|
3522000
|
direct allocation
|
page read and write
|
||
|
3440000
|
unkown
|
page readonly
|
||
|
870000
|
heap
|
page read and write
|
||
|
1FF0000
|
heap
|
page read and write
|
||
|
22F0000
|
direct allocation
|
page read and write
|
||
|
3300000
|
unkown
|
page read and write
|
||
|
2291000
|
direct allocation
|
page read and write
|
||
|
22F2000
|
direct allocation
|
page read and write
|
||
|
231B000
|
direct allocation
|
page read and write
|
||
|
2245000
|
direct allocation
|
page read and write
|
||
|
8CA000
|
heap
|
page read and write
|
||
|
3370000
|
heap
|
page read and write
|
||
|
2262000
|
direct allocation
|
page read and write
|
||
|
225F000
|
direct allocation
|
page read and write
|
||
|
3590000
|
direct allocation
|
page read and write
|
||
|
32A1000
|
unkown
|
page execute read
|
||
|
235C000
|
direct allocation
|
page read and write
|
||
|
18F000
|
stack
|
page read and write
|
||
|
332A000
|
unkown
|
page read and write
|
||
|
67A000
|
heap
|
page read and write
|
||
|
740000
|
heap
|
page read and write
|
||
|
332B000
|
unkown
|
page write copy
|
||
|
3553000
|
direct allocation
|
page read and write
|
||
|
421000
|
unkown
|
page readonly
|
||
|
55E000
|
unkown
|
page readonly
|
||
|
2254000
|
direct allocation
|
page read and write
|
||
|
2601000
|
direct allocation
|
page read and write
|
||
|
225B000
|
direct allocation
|
page read and write
|
||
|
25B0000
|
heap
|
page read and write
|
||
|
2322000
|
direct allocation
|
page read and write
|
||
|
34D3000
|
direct allocation
|
page read and write
|
||
|
2278000
|
direct allocation
|
page read and write
|
||
|
555000
|
unkown
|
page read and write
|
||
|
746000
|
heap
|
page read and write
|
||
|
2363000
|
direct allocation
|
page read and write
|
||
|
22FF000
|
direct allocation
|
page read and write
|
||
|
22EB000
|
direct allocation
|
page read and write
|
||
|
54D000
|
unkown
|
page write copy
|
||
|
3518000
|
direct allocation
|
page read and write
|
||
|
2266000
|
direct allocation
|
page read and write
|
||
|
558000
|
unkown
|
page write copy
|
||
|
2570000
|
direct allocation
|
page read and write
|
||
|
3380000
|
heap
|
page read and write
|
||
|
90C000
|
heap
|
page read and write
|
||
|
880000
|
direct allocation
|
page execute and read and write
|
||
|
2314000
|
direct allocation
|
page read and write
|
||
|
22B3000
|
direct allocation
|
page read and write
|
||
|
3351000
|
unkown
|
page read and write
|
||
|
226D000
|
direct allocation
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
3500000
|
direct allocation
|
page read and write
|
||
|
54D000
|
unkown
|
page read and write
|
||
|
228A000
|
direct allocation
|
page read and write
|
||
|
914000
|
heap
|
page read and write
|
||
|
3509000
|
direct allocation
|
page read and write
|
||
|
551000
|
unkown
|
page read and write
|
||
|
22FD000
|
direct allocation
|
page read and write
|
||
|
2269000
|
direct allocation
|
page read and write
|
||
|
2570000
|
direct allocation
|
page read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
2371000
|
direct allocation
|
page read and write
|
||
|
355B000
|
direct allocation
|
page read and write
|
||
|
135A0000
|
direct allocation
|
page read and write
|
||
|
22E4000
|
direct allocation
|
page read and write
|
||
|
136DE000
|
stack
|
page read and write
|
||
|
22AB000
|
direct allocation
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
21A0000
|
heap
|
page read and write
|
||
|
22A4000
|
direct allocation
|
page read and write
|
||
|
930000
|
heap
|
page read and write
|
||
|
41C000
|
unkown
|
page read and write
|
||
|
22C5000
|
direct allocation
|
page read and write
|
||
|
35A0000
|
direct allocation
|
page read and write
|
||
|
2242000
|
direct allocation
|
page read and write
|
||
|
417000
|
unkown
|
page read and write
|
||
|
2378000
|
direct allocation
|
page read and write
|
||
|
3375000
|
heap
|
page read and write
|
||
|
3442000
|
unkown
|
page readonly
|
||
|
234D000
|
direct allocation
|
page read and write
|
||
|
356A000
|
direct allocation
|
page read and write
|
||
|
32A0000
|
unkown
|
page readonly
|
||
|
2323000
|
direct allocation
|
page read and write
|
||
|
224C000
|
direct allocation
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
32E0000
|
unkown
|
page readonly
|
||
|
450000
|
heap
|
page read and write
|
||
|
230C000
|
direct allocation
|
page read and write
|
||
|
236A000
|
direct allocation
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
3260000
|
direct allocation
|
page read and write
|
||
|
2286000
|
direct allocation
|
page read and write
|
||
|
34E8000
|
direct allocation
|
page read and write
|
||
|
231C000
|
direct allocation
|
page read and write
|
||
|
3353000
|
unkown
|
page readonly
|
||
|
2305000
|
direct allocation
|
page read and write
|
||
|
2480000
|
direct allocation
|
page read and write
|
||
|
32CD000
|
unkown
|
page readonly
|
||
|
354C000
|
direct allocation
|
page read and write
|
||
|
137DF000
|
stack
|
page read and write
|
||
|
1391F000
|
stack
|
page read and write
|
||
|
91A000
|
heap
|
page read and write
|
||
|
2275000
|
direct allocation
|
page read and write
|
||
|
589000
|
unkown
|
page readonly
|
||
|
44C000
|
unkown
|
page readonly
|
||
|
2237000
|
direct allocation
|
page read and write
|
||
|
2329000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3441000
|
unkown
|
page execute read
|
||
|
232A000
|
direct allocation
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
2258000
|
direct allocation
|
page read and write
|
||
|
2249000
|
direct allocation
|
page read and write
|
||
|
460000
|
heap
|
page read and write
|
There are 163 hidden memdumps, click here to show them.