IOC Report
Advanced_IP_Scanner_2.5.4594.12.exe

Files

File Path
Type
Category
Malicious
Advanced_IP_Scanner_2.5.4594.12.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\Program Files (x86)\Advanced IP Scanner\is-91UK3.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\Advanced IP Scanner\unins000.dat
InnoSetup Log Advanced IP Scanner {FFA0FB35-59D6-4B0D-863C-1431EA12E295}, version 0x418, 6118283 bytes, 609290\37\user\376, C:\Program Files (x86)\Advanced IP Scanner
dropped
malicious
C:\Users\user\AppData\Local\Temp\is-11FV5.tmp\Advanced_IP_Scanner_2.5.4594.12.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\is-IKV4C.tmp\cispn.ps1
ASCII text, with very long lines (65333), with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\SysHelper\AudioCapture.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\SysHelper\HTCTL32.DLL
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\SysHelper\NSM.LIC
ASCII text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Roaming\SysHelper\PCICHEK.DLL
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\SysHelper\PCICL32.DLL
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\SysHelper\TCCTL32.DLL
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\SysHelper\client32.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\SysHelper\pcicapi.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Users\user\AppData\Roaming\SysHelper\remcmdstub.exe
PE32 executable (console) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\Advanced IP Scanner\Advanced_IP_Scanner.ico (copy)
MS Windows icon resource - 9 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
dropped
C:\Program Files (x86)\Advanced IP Scanner\Qt5Core.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\Qt5Gui.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\Qt5Network.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\Qt5PrintSupport.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\Qt5Widgets.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\Qt5WinExtras.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\Qt5Xml.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_ar_sa.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_bg_bg.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_console.exe (copy)
PE32 executable (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_cs_cz.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_da_dk.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_de_de.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_el_gr.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_en_us.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_es_es.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_et_ee.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_fa_ir.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_fi_fi.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_fr_fr.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_he_il.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_hr_hr.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_hu_hu.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_id_id.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_it_it.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_ja_jp.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_ko_kr.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_lt_lt.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_lv_lv.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_nb_no.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_nl_nl.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_pl_pl.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_pt_br.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_ro_ro.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_ru_ru.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_sk_sk.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_sl_si.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_sr_latn_rs.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_sv_se.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_th_th.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_tr_tr.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_uk_ua.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_vi_vn.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_zh_cn.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\advanced_ip_scanner_zh_tw.qm (copy)
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-console-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-datetime-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-debug-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-errorhandling-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-file-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-file-l1-2-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-file-l2-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-handle-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-heap-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-interlocked-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-libraryloader-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-localization-l1-2-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-memory-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-namedpipe-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-processenvironment-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-processthreads-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-processthreads-l1-1-1.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-profile-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-rtlsupport-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-string-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-synch-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-synch-l1-2-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-sysinfo-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-timezone-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-core-util-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-conio-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-convert-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-environment-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-filesystem-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-heap-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-locale-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-math-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-multibyte-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-private-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-process-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-runtime-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-stdio-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-string-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-time-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\api-ms-win-crt-utility-l1-1-0.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_ar_sa.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_bg_bg.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_cs_cz.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_da_dk.tpl (copy)
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_de_de.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_el_gr.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_en_us.tpl (copy)
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_es_es.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_et_ee.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_fa_ir.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_fi_fi.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_fr_fr.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_he_il.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_hr_hr.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_hu_hu.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_id_id.tpl (copy)
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_it_it.tpl (copy)
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_ja_jp.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_ko_kr.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_lt_lt.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_lv_lv.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_nb_no.tpl (copy)
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_nl_nl.tpl (copy)
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_pl_pl.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_pt_br.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_ro_ro.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_ru_ru.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_sk_sk.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_sl_si.tpl (copy)
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_sr_latn_rs.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_sv_se.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_th_th.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_tr_tr.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_uk_ua.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_vi_vn.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_zh_cn.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\details_panel_zh_tw.tpl (copy)
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-0ILJP.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-0JASE.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-0MUQV.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-10EOV.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-15NDN.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-1NIKH.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-1NKEI.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-20DII.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-2I7SK.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-343PA.tmp
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-3CGK6.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-3K2R2.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-3SOVH.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-41CLQ.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-46V0R.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-4NCQS.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-4RR0D.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-4SNJ1.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-56ICT.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-56MED.tmp
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-5BCDU.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-5V8TO.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-6KKGK.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-78CDM.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-7ATMD.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-7B70A.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-7EB2U.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-7MB5M.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-7SQHE.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-7V6MF.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-853KO.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-8NBO4.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-8NRP8.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-8QOEK.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-8VKRL.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-8VN4T.tmp
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Number of Characters: 0, Last Saved By: DavidHacker, Number of Words: 0, Title: Radmin Viewer 3.5.2 installation package, Comments: This installer contains the logic and data to install Radmin Viewer 3.5.2, Keywords: Installer,MSI,Database, Subject: Radmin Viewer 3.5.2, Author: Famatech, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 12 - Professional Edition 12.0, Revision Number: {FAB726D2-8076-4144-B0E6-C4FC2A838845}, Last Saved Time/Date: Thu Dec 14 03:24:44 2017, Create Time/Date: Thu Dec 14 03:24:44 2017, Last Printed: Thu Dec 14 03:24:44 2017, Code page: 1252, Template: Intel;1033
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-8VUCH.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-92959.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-93J2E.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-A2PF2.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-AAM55.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-AG54M.tmp
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-AS062.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-B9MRD.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-BQ4R6.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-BSRNO.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-BUDS8.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-C3ISO.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-CD8F9.tmp
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-CEPGI.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-COPMO.tmp
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Number of Characters: 0, Last Saved By: DavidHacker, Number of Words: 0, Title: Radmin Server 3.5.2 installation package, Comments: This installer contains the logic and data to install Radmin Server 3.5.2, Keywords: Installer,MSI,Database, Subject: Radmin Server 3.5.2, Author: Famatech, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 12 - Professional Edition 12.0, Revision Number: {BBD285CD-D1FE-41B1-B6B4-7FF7C27F553B}, Last Saved Time/Date: Thu Dec 14 03:24:15 2017, Create Time/Date: Thu Dec 14 03:24:15 2017, Last Printed: Thu Dec 14 03:24:15 2017, Code page: 1252, Template: Intel;1033
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-CQ3UL.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-D0PHJ.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-D20H8.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-D9PC1.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-DDFBG.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-DFCT3.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-DFILP.tmp
PE32 executable (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-DFL4O.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-DUCRI.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-DUVAI.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-F3K6Q.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-F3P1S.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-FRMIK.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-G2GC2.tmp
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-G2LTO.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-G3D36.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-GAURI.tmp
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-GHBG6.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-GUAOM.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-H3TKG.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-H6NSK.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-I6438.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-IE1PQ.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-IENMB.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-IGVP5.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-IL9T7.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-IUPCJ.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-J1O50.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-JFL1I.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-JL545.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-JPUOQ.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-JTIOC.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-KATLC.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-KNEGU.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-L5RGU.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-LD7HJ.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-LM1LE.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-MMC0L.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-N93NO.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-NE6KC.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-NFUA7.tmp
Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-NKCKG.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-NP40K.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-NPJ2M.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-O0KOL.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-O14EM.tmp
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-O6RBU.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-OBI2J.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-OIGQ5.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-OJCV9.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-OMMKA.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-OT0US.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-P26AP.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-P7PAJ.tmp
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-PCH10.tmp
data
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-PCUIV.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-PIDI5.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-PLELM.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-QAUD7.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-QKPDD.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-RBEFM.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-RE519.tmp
HTML document, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-S75TV.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-S95E4.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-SBQ2U.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-SCCPB.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-SF594.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-SOP7H.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-T1SL1.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-T7QJD.tmp
MS Windows icon resource - 9 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-TPUU9.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-TSVHT.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-UBTCO.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-UMBR1.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-UOE1C.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-US4L4.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-UUCTA.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-V4FHL.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-V7TQP.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-V9VQH.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-VIPLP.tmp
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-VPJQT.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-VRSD9.tmp
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\is-VURIP.tmp
Qt Translation file
dropped
C:\Program Files (x86)\Advanced IP Scanner\libeay32.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\mac_interval_tree.txt (copy)
Unicode text, UTF-8 text
dropped
C:\Program Files (x86)\Advanced IP Scanner\msvcp140.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\pcre.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\platforms\is-CJFIB.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\platforms\qwindows.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\printsupport\is-T9A9E.tmp
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\printsupport\windowsprintersupport.dll (copy)
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\rserv35ml.msi (copy)
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Number of Characters: 0, Last Saved By: DavidHacker, Number of Words: 0, Title: Radmin Server 3.5.2 installation package, Comments: This installer contains the logic and data to install Radmin Server 3.5.2, Keywords: Installer,MSI,Database, Subject: Radmin Server 3.5.2, Author: Famatech, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 12 - Professional Edition 12.0, Revision Number: {BBD285CD-D1FE-41B1-B6B4-7FF7C27F553B}, Last Saved Time/Date: Thu Dec 14 03:24:15 2017, Create Time/Date: Thu Dec 14 03:24:15 2017, Last Printed: Thu Dec 14 03:24:15 2017, Code page: 1252, Template: Intel;1033
dropped
C:\Program Files (x86)\Advanced IP Scanner\rview35ml.msi (copy)
Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Number of Characters: 0, Last Saved By: DavidHacker, Number of Words: 0, Title: Radmin Viewer 3.5.2 installation package, Comments: This installer contains the logic and data to install Radmin Viewer 3.5.2, Keywords: Installer,MSI,Database, Subject: Radmin Viewer 3.5.2, Author: Famatech, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 12 - Professional Edition 12.0, Revision Number: {FAB726D2-8076-4144-B0E6-C4FC2A838845}, Last Saved Time/Date: Thu Dec 14 03:24:44 2017, Create Time/Date: Thu Dec 14 03:24:44 2017, Last Printed: Thu Dec 14 03:24:44 2017, Code page: 1252, Template: Intel;1033
dropped
C:\Program Files (x86)\Advanced IP Scanner\service_probes (copy)
data
dropped
C:\Program Files (x86)\Advanced IP Scanner\ssleay32.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\ucrtbase.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\unins000.exe (copy)
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Advanced IP Scanner\vcruntime140.dll (copy)
PE32 executable (DLL) (console) Intel 80386, for MS Windows
dropped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Tools\Advanced IP Scanner for Windows.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu Oct 31 16:48:27 2024, mtime=Thu Oct 31 16:48:27 2024, atime=Fri Apr 29 17:13:52 2022, length=1681960, window=hide
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\loca[1].htm
ASCII text, with no line terminators
modified
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
data
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4igrxoea.n1m.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rxvqd1bb.a44.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ynw52z5h.1ox.psm1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zpr3rbzi.bjw.ps1
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Temp\is-IKV4C.tmp\_isetup\_setup64.tmp
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\AppData\Roaming\SysHelper\client32.ini
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\SysHelper\msvcr100.dll
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
dropped
C:\Users\user\AppData\Roaming\SysHelper\nskbfltr.inf
Windows setup INFormation
dropped
C:\Users\user\AppData\Roaming\SysHelper\nsm_vpro.ini
ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Roaming\init_temp.zip
Zip archive data, at least v2.0 to extract, compression method=deflate
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\Advanced_IP_Scanner_2.5.4594.12.exe
"C:\Users\user\Desktop\Advanced_IP_Scanner_2.5.4594.12.exe"
malicious
C:\Users\user\AppData\Local\Temp\is-11FV5.tmp\Advanced_IP_Scanner_2.5.4594.12.tmp
"C:\Users\user\AppData\Local\Temp\is-11FV5.tmp\Advanced_IP_Scanner_2.5.4594.12.tmp" /SL5="$20466,18032967,815616,C:\Users\user\Desktop\Advanced_IP_Scanner_2.5.4594.12.exe"
malicious
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File "C:\Users\user\AppData\Local\Temp\is-IKV4C.tmp\cispn.ps1"
malicious
C:\Users\user\AppData\Roaming\SysHelper\client32.exe
"C:\Users\user\AppData\Roaming\SysHelper\client32.exe"
malicious
C:\Users\user\AppData\Roaming\SysHelper\client32.exe
"C:\Users\user\AppData\Roaming\SysHelper\client32.exe"
malicious
C:\Users\user\AppData\Roaming\SysHelper\client32.exe
"C:\Users\user\AppData\Roaming\SysHelper\client32.exe"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
http://151.236.16.15/fakeurl.htm
151.236.16.15
malicious
http://199.188.200.195/fakeurl.htm
199.188.200.195
malicious
http://www.netsupportsoftware.com
unknown
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
unknown
http://%s/testpage.htmwininet.dll
unknown
http://geo.netsupportsoftware.com/location/loca.asp
104.26.1.231
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
unknown
http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
unknown
http://ocsp.sectigo.com0
unknown
http://www.pci.co.uk/supportsupport
unknown
http://crl.microsoft
unknown
https://contoso.com/License
unknown
http://127.0.0.1RESUMEPRINTING
unknown
http://%s/testpage.htm
unknown
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
unknown
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
unknown
http://www.ultimatenetworktool.com/update
unknown
http://crl.microsoV
unknown
http://%s/fakeurl.htm
unknown
http://geo.netsupportsoftware.com/location/loca.aspM
unknown
http://geo.netsupportsoftware.com/location/loca.asp=Rw
unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0
unknown
http://geo.netsupportsoftware.com/location/loca.asptXI
unknown
https://aka.ms/pscore6lB
unknown
http://www.ultimatenetworktool.com
unknown
https://www.remobjects.com/ps
unknown
https://contoso.com/
unknown
https://nuget.org/nuget.exe
unknown
https://www.innosetup.com/
unknown
https://sectigo.com/CPS0D
unknown
http://www.famatech.comARPHELPLINKThe
unknown
http://www.macrovision.com0
unknown
http://geo.netsupportsoftware.com/location/loca.aspp
unknown
http://www.netsupportschool.com/tutor-assistant.asp11(
unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
unknown
http://www.netsupportschool.com/tutor-assistant.asp
unknown
http://nuget.org/NuGet.exe
unknown
http://www.pci.co.uk/support
unknown
https://sectigo.com/CPS0
unknown
http://pesterbdd.com/images/Pester.png
unknown
http://schemas.xmlsoap.org/soap/encoding/
unknown
http://www.apache.org/licenses/LICENSE-2.0.html
unknown
http://ocsp.thawte.com0
unknown
https://contoso.com/Icon
unknown
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
unknown
http://www.radmin.com
unknown
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
unknown
http://127.0.0.1
unknown
http://www.symauth.com/cps0(
unknown
https://github.com/Pester/Pester
unknown
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
unknown
http://www.advanced-ip-scanner.com0
unknown
http://crl.m
unknown
http://www.ultimatenetworktool.com1
unknown
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
unknown
http://www.symauth.com/rpa00
unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
unknown
http://www.ultimatenetworktool.com/support
unknown
http://schemas.xmlsoap.org/wsdl/
unknown

Domains

Name
IP
Malicious
payiki.com
151.236.16.15
malicious
anyhowdo.com
199.188.200.195
malicious
geo.netsupportsoftware.com
104.26.1.231

IPs

IP
Domain
Country
Malicious
151.236.16.15
payiki.com
European Union
malicious
199.188.200.195
anyhowdo.com
United States
malicious
104.26.1.231
geo.netsupportsoftware.com
United States

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
Inno Setup: Setup Version
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
Inno Setup: App Path
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
InstallLocation
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
Inno Setup: Icon Group
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
Inno Setup: User
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
Inno Setup: Selected Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
Inno Setup: Deselected Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
Inno Setup: Language
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
DisplayIcon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
UninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
QuietUninstallString
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
Publisher
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
URLInfoAbout
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
HelpLink
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
URLUpdateInfo
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
NoModify
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
NoRepair
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
InstallDate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
MajorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
MinorVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
VersionMajor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
VersionMinor
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FFA0FB35-59D6-4B0D-863C-1431EA12E295}}_is1
EstimatedSize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MyApp

Memdumps

Base Address
Regiontype
Protect
Malicious
68895000
unkown
page readonly
256D000
direct allocation
page read and write
688A4000
unkown
page readonly
401000
unkown
page execute read
68886000
unkown
page write copy
555E000
heap
page read and write
3010000
heap
page read and write
374E000
direct allocation
page read and write
5563000
heap
page read and write
3018000
heap
page read and write
3068000
heap
page read and write
111EC000
unkown
page read and write
554B000
heap
page read and write
2C8C000
direct allocation
page read and write
3039000
heap
page read and write
7D0000
direct allocation
page read and write
3200000
trusted library allocation
page read and write
4BDE000
stack
page read and write
2C3D000
direct allocation
page read and write
401000
unkown
page execute read
309E000
stack
page read and write
25A0000
direct allocation
page read and write
543000
heap
page read and write
4B7000
heap
page read and write
11250000
unkown
page readonly
3490000
direct allocation
page read and write
1118F000
unkown
page readonly
86E0000
trusted library allocation
page read and write
2604000
direct allocation
page read and write
688B1000
unkown
page execute read
2FF8000
heap
page read and write
A93000
heap
page read and write
4FF000
heap
page read and write
AAC000
heap
page read and write
688B1000
unkown
page execute read
2566000
direct allocation
page read and write
9C0000
heap
page read and write
6A0000
unkown
page read and write
1127E000
unkown
page readonly
11250000
unkown
page readonly
368E000
stack
page read and write
2C53000
direct allocation
page read and write
2C1F000
direct allocation
page read and write
AA3000
heap
page read and write
11F9000
heap
page read and write
111F2000
unkown
page readonly
33D0000
direct allocation
page read and write
537000
heap
page read and write
554F000
heap
page read and write
79E0000
trusted library allocation
page read and write
111FC000
unkown
page readonly
7620000
heap
page execute and read and write
2648000
direct allocation
page read and write
5558000
heap
page read and write
582E000
stack
page read and write
7E220000
direct allocation
page read and write
688B2000
unkown
page readonly
2FAB000
heap
page read and write
E35000
heap
page read and write
38E000
stack
page read and write
540000
heap
page read and write
72BB000
stack
page read and write
34DF000
direct allocation
page read and write
7695000
heap
page read and write
420000
heap
page read and write
2F93000
heap
page read and write
2D1D000
direct allocation
page read and write
4AAE000
stack
page read and write
11001000
unkown
page execute read
A90000
heap
page read and write
141E000
stack
page read and write
254E000
stack
page read and write
4B85000
heap
page execute and read and write
2E0000
heap
page read and write
7DC50000
direct allocation
page read and write
6955000
trusted library allocation
page read and write
1123D000
unkown
page readonly
5010000
direct allocation
page read and write
703000
heap
page read and write
857E000
stack
page read and write
2C9C000
direct allocation
page read and write
737F000
heap
page read and write
7636000
heap
page read and write
7AA0000
trusted library allocation
page read and write
7632000
heap
page read and write
25F6000
direct allocation
page read and write
AA4000
heap
page read and write
375B000
direct allocation
page read and write
6AD000
unkown
page read and write
2208000
heap
page read and write
EC0000
heap
page read and write
24A0000
heap
page read and write
543000
heap
page read and write
2550000
direct allocation
page read and write
2CF9000
direct allocation
page read and write
2200000
heap
page read and write
5255000
trusted library allocation
page read and write
543000
heap
page read and write
2260000
heap
page read and write
2C70000
direct allocation
page read and write
AE0000
heap
page read and write
7360000
heap
page read and write
401000
unkown
page execute read
687D0000
unkown
page readonly
25A4000
heap
page read and write
4B2C000
stack
page read and write
75DE000
stack
page read and write
306000
heap
page read and write
AAF000
heap
page read and write
5544000
heap
page read and write
2624000
direct allocation
page read and write
543000
heap
page read and write
33BF000
direct allocation
page read and write
2591000
direct allocation
page read and write
5C48000
trusted library allocation
page read and write
255F000
direct allocation
page read and write
2245000
heap
page read and write
7388000
heap
page read and write
71BE000
stack
page read and write
2FAA000
heap
page read and write
688B4000
unkown
page readonly
68895000
unkown
page readonly
218E000
stack
page read and write
2265000
heap
page read and write
687D1000
unkown
page execute read
4C0E000
stack
page read and write
4C1E000
stack
page read and write
76C2000
heap
page read and write
304F000
heap
page read and write
2AC0000
heap
page read and write
688B4000
unkown
page readonly
3042000
heap
page read and write
403000
unkown
page write copy
685DA000
unkown
page read and write
6A5000
unkown
page read and write
3010000
heap
page read and write
58E000
stack
page read and write
4F8000
heap
page read and write
68591000
unkown
page execute read
401000
unkown
page execute read
AB2000
heap
page read and write
D5B000
stack
page read and write
300D000
heap
page read and write
68884000
unkown
page read and write
319F000
stack
page read and write
2CA3000
direct allocation
page read and write
30DD000
heap
page read and write
7830000
trusted library allocation
page read and write
94C000
stack
page read and write
C01000
unkown
page execute read
A91000
heap
page read and write
68890000
unkown
page readonly
1020000
heap
page read and write
878D000
heap
page read and write
2CAA000
direct allocation
page read and write
8490000
trusted library allocation
page execute and read and write
AB2000
heap
page read and write
267A000
direct allocation
page read and write
688A4000
unkown
page readonly
2FA2000
heap
page read and write
69E000
unkown
page read and write
7840000
trusted library allocation
page read and write
A8E000
heap
page read and write
2681000
direct allocation
page read and write
25C0000
heap
page read and write
4F4000
heap
page read and write
3042000
heap
page read and write
2F9B000
heap
page read and write
8480000
heap
page read and write
8DF000
stack
page read and write
230E000
stack
page read and write
E5C000
stack
page read and write
548000
heap
page read and write
11360000
unkown
page readonly
2F81000
heap
page read and write
688B4000
unkown
page readonly
111EC000
unkown
page read and write
37A1000
direct allocation
page read and write
2F65000
heap
page read and write
68884000
unkown
page read and write
45E000
heap
page read and write
717E000
stack
page read and write
516A000
trusted library allocation
page read and write
50AC000
direct allocation
page read and write
303D000
heap
page read and write
2FA7000
heap
page read and write
19C000
stack
page read and write
11360000
unkown
page readonly
4AF000
heap
page read and write
78FE000
stack
page read and write
950000
heap
page read and write
4DDE000
stack
page read and write
ABE000
heap
page read and write
537000
heap
page read and write
404000
unkown
page readonly
797E000
stack
page read and write
2D00000
direct allocation
page read and write
25F2000
heap
page read and write
688B3000
unkown
page read and write
420000
heap
page read and write
9C000
stack
page read and write
54C000
heap
page read and write
3D0000
heap
page read and write
8960000
trusted library allocation
page execute and read and write
AC5000
heap
page read and write
2E90000
heap
page read and write
3E0000
direct allocation
page execute and read and write
1124C000
unkown
page readonly
7741000
heap
page read and write
50CE000
trusted library allocation
page read and write
71FD000
stack
page read and write
536000
heap
page read and write
7D960000
direct allocation
page read and write
7F748000
trusted library allocation
page execute and read and write
688A4000
unkown
page readonly
68886000
unkown
page write copy
1070000
heap
page read and write
AF8000
heap
page read and write
32DF000
stack
page read and write
11252000
unkown
page readonly
3788000
direct allocation
page read and write
2290000
heap
page read and write
793E000
stack
page read and write
430000
heap
page read and write
7BE000
stack
page read and write
688B0000
unkown
page readonly
68891000
unkown
page execute read
25E0000
heap
page read and write
35C0000
direct allocation
page read and write
400000
unkown
page readonly
2F60000
heap
page read and write
5C9B000
trusted library allocation
page read and write
4B70000
trusted library allocation
page read and write
4B80000
heap
page execute and read and write
515000
heap
page read and write
2205000
heap
page read and write
ABB000
heap
page read and write
3230000
trusted library allocation
page read and write
9590000
trusted library allocation
page execute and read and write
2F61000
heap
page read and write
11000000
unkown
page readonly
A50000
heap
page read and write
2C36000
direct allocation
page read and write
7D0000
direct allocation
page read and write
3CAC000
stack
page read and write
860E000
stack
page read and write
404000
unkown
page readonly
4F7000
heap
page read and write
3764000
direct allocation
page read and write
403000
unkown
page read and write
1123D000
unkown
page readonly
3B6F000
stack
page read and write
3490000
direct allocation
page read and write
CAB000
unkown
page read and write
3240000
trusted library allocation
page read and write
400000
unkown
page readonly
11250000
unkown
page readonly
7664000
heap
page read and write
25FD000
direct allocation
page read and write
AAA000
heap
page read and write
305A000
heap
page read and write
401000
unkown
page execute read
7D680000
direct allocation
page read and write
2D08000
direct allocation
page read and write
25E0000
direct allocation
page read and write
11001000
unkown
page execute read
9A0000
heap
page read and write
There are 724 hidden memdumps.