Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
4g33Ui2SbU.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\NrSyGjROmCGtDpASNOvpVSwVnPlUgzUfLYxPPmJFBrONbfprATItBzpUrFXZDdAMlnoN\vmbCeNlTlpLNTakTDlwwgEI.exe (copy)
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files (x86)\NrSyGjROmCGtDpASNOvpVSwVnPlUgzUfLYxPPmJFBrONbfprATItBzpUrFXZDdAMlnoN\vmbCeNlTlpLNTakTDlwwgEI.exe.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Common Files\System\symsrv.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\X86\MpOav.dll.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\X86\MpOav.dll (copy)
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Program Files\Common Files\System\symsrv.dll.000
|
Non-ISO extended-ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\update.exe
|
Non-ISO extended-ASCII text, with no line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\4g33Ui2SbU.exe
|
"C:\Users\user\Desktop\4g33Ui2SbU.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.aieov.com/so.gif
|
45.56.79.23
|
|
|
|
http://www.aieov.com/logo.gif
|
45.56.79.23
|
|
|
|
https://www.msn.com/spartan/ientp?locale%3D%25s%26market%3D%25s%26enableregulatorypsm%3D%25d%26enabl
|
unknown
|
||
|
http://html4/loose.dtd
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/J
|
unknown
|
||
|
https://www.msn.cn/spartan/ientp?locale%3D%25s%26market%3D%25s%26enableregulatorypsm%3D%25d%26enable
|
unknown
|
||
|
http://www.validationtest.contoso.com/test%ld.htmlMpOAV_ForceDeepScan
|
unknown
|
||
|
http://https:///WopiFrame.aspx?application/onecoreuap
|
unknown
|
||
|
http://a9.com/-/spec/opensearch/1.1DataSourceCLSIDShortNameSupportsAdvancedQuerySyntax
|
unknown
|
||
|
https://www.modern.ie/Umbraco/Api/CompatIssueApi/PostCompatIssue?version=2
|
unknown
|
||
|
http://www.autoitscript.com/autoit3/0
|
unknown
|
||
|
https://www.modern.ie/Umbraco/Api/CompatIssueApi/PostCompatIssue
|
unknown
|
||
|
http://http://www.file:///https://StartPinWindows.Internal.Storage.ItemCommandStartUnpinA
|
unknown
|
||
|
http://.css
|
unknown
|
||
|
https://www.modern.ie/umbraco/api/readingviewissues/postreadingviewissue
|
unknown
|
||
|
http://.jpg
|
unknown
|
||
|
http://test.com
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
www.aieov.com
|
45.56.79.23
|
|
|
|
5isohu.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
45.56.79.23
|
www.aieov.com
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
|
MRUListEx
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
|
MRUListEx
|
||
|
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3
|
MRUListEx
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
|
PendingFileRenameOperations
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1117000
|
heap
|
page read and write
|
||
|
ACF000
|
unkown
|
page write copy
|
||
|
103F000
|
heap
|
page read and write
|
||
|
10F1000
|
heap
|
page read and write
|
||
|
41F2000
|
heap
|
page read and write
|
||
|
116F000
|
heap
|
page read and write
|
||
|
B1E5000
|
heap
|
page read and write
|
||
|
8771000
|
heap
|
page read and write
|
||
|
877F000
|
heap
|
page read and write
|
||
|
116F000
|
heap
|
page read and write
|
||
|
41F2000
|
heap
|
page read and write
|
||
|
B782000
|
heap
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
BFA7000
|
heap
|
page read and write
|
||
|
B309000
|
heap
|
page read and write
|
||
|
41F2000
|
heap
|
page read and write
|
||
|
77AF000
|
heap
|
page read and write
|
||
|
116B000
|
heap
|
page read and write
|
||
|
8771000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
B1ED000
|
heap
|
page read and write
|
||
|
B8B4000
|
heap
|
page read and write
|
||
|
B71F000
|
heap
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
B8B7000
|
heap
|
page read and write
|
||
|
1203000
|
heap
|
page read and write
|
||
|
B786000
|
heap
|
page read and write
|
||
|
C3C4000
|
heap
|
page read and write
|
||
|
B1E1000
|
heap
|
page read and write
|
||
|
1D49000
|
heap
|
page read and write
|
||
|
B8B1000
|
heap
|
page read and write
|
||
|
B8D5000
|
heap
|
page read and write
|
||
|
B8BF000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
B210000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
B305000
|
heap
|
page read and write
|
||
|
B1ED000
|
heap
|
page read and write
|
||
|
B1FD000
|
heap
|
page read and write
|
||
|
B1E8000
|
heap
|
page read and write
|
||
|
B2FC000
|
heap
|
page read and write
|
||
|
B1EA000
|
heap
|
page read and write
|
||
|
1247000
|
heap
|
page read and write
|
||
|
B1E4000
|
heap
|
page read and write
|
||
|
115C000
|
heap
|
page read and write
|
||
|
B8B4000
|
heap
|
page read and write
|
||
|
877D000
|
heap
|
page read and write
|
||
|
B8AD000
|
heap
|
page read and write
|
||
|
1159000
|
heap
|
page read and write
|
||
|
B785000
|
heap
|
page read and write
|
||
|
779F000
|
heap
|
page read and write
|
||
|
877E000
|
heap
|
page read and write
|
||
|
BC81000
|
heap
|
page read and write
|
||
|
77AE000
|
heap
|
page read and write
|
||
|
8775000
|
heap
|
page read and write
|
||
|
B1E5000
|
heap
|
page read and write
|
||
|
BE84000
|
heap
|
page read and write
|
||
|
B1EE000
|
heap
|
page read and write
|
||
|
7762000
|
heap
|
page read and write
|
||
|
86F8000
|
heap
|
page read and write
|
||
|
41F2000
|
heap
|
page read and write
|
||
|
B789000
|
heap
|
page read and write
|
||
|
86E8000
|
heap
|
page read and write
|
||
|
B234000
|
heap
|
page read and write
|
||
|
8770000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
1240000
|
heap
|
page read and write
|
||
|
4BB6000
|
heap
|
page read and write
|
||
|
113D000
|
heap
|
page read and write
|
||
|
113D000
|
heap
|
page read and write
|
||
|
116F000
|
heap
|
page read and write
|
||
|
116F000
|
heap
|
page read and write
|
||
|
B3B0000
|
heap
|
page read and write
|
||
|
77AE000
|
heap
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
B223000
|
heap
|
page read and write
|
||
|
B29E000
|
heap
|
page read and write
|
||
|
8779000
|
heap
|
page read and write
|
||
|
B1EE000
|
heap
|
page read and write
|
||
|
1156000
|
heap
|
page read and write
|
||
|
B8D8000
|
heap
|
page read and write
|
||
|
C3BF000
|
heap
|
page read and write
|
||
|
B8A7000
|
heap
|
page read and write
|
||
|
B1EE000
|
heap
|
page read and write
|
||
|
B783000
|
heap
|
page read and write
|
||
|
BC87000
|
heap
|
page read and write
|
||
|
B32A000
|
heap
|
page read and write
|
||
|
B1ED000
|
heap
|
page read and write
|
||
|
B1E6000
|
heap
|
page read and write
|
||
|
BE83000
|
heap
|
page read and write
|
||
|
B8CC000
|
heap
|
page read and write
|
||
|
B1E6000
|
heap
|
page read and write
|
||
|
B1E9000
|
heap
|
page read and write
|
||
|
8804000
|
heap
|
page read and write
|
||
|
BE88000
|
heap
|
page read and write
|
||
|
4205000
|
heap
|
page read and write
|
||
|
B31D000
|
heap
|
page read and write
|
||
|
1116000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
4205000
|
heap
|
page read and write
|
||
|
8771000
|
heap
|
page read and write
|
||
|
779F000
|
heap
|
page read and write
|
||
|
1159000
|
heap
|
page read and write
|
||
|
8772000
|
heap
|
page read and write
|
||
|
8771000
|
heap
|
page read and write
|
||
|
B208000
|
heap
|
page read and write
|
||
|
1D4A000
|
heap
|
page read and write
|
||
|
779E000
|
heap
|
page read and write
|
||
|
8772000
|
heap
|
page read and write
|
||
|
116B000
|
heap
|
page read and write
|
||
|
877B000
|
heap
|
page read and write
|
||
|
113D000
|
heap
|
page read and write
|
||
|
B8AB000
|
heap
|
page read and write
|
||
|
B21A000
|
heap
|
page read and write
|
||
|
B803000
|
heap
|
page read and write
|
||
|
AA0000
|
unkown
|
page readonly
|
||
|
B1E3000
|
heap
|
page read and write
|
||
|
1156000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
B1F3000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
1207000
|
heap
|
page read and write
|
||
|
B1E7000
|
heap
|
page read and write
|
||
|
B8C8000
|
heap
|
page read and write
|
||
|
B212000
|
heap
|
page read and write
|
||
|
4BBE000
|
heap
|
page read and write
|
||
|
1156000
|
heap
|
page read and write
|
||
|
BC8D000
|
heap
|
page read and write
|
||
|
B1E0000
|
heap
|
page read and write
|
||
|
B32D000
|
heap
|
page read and write
|
||
|
1159000
|
heap
|
page read and write
|
||
|
41F2000
|
heap
|
page read and write
|
||
|
BC81000
|
heap
|
page read and write
|
||
|
B8D2000
|
heap
|
page read and write
|
||
|
B1EC000
|
heap
|
page read and write
|
||
|
4BB9000
|
heap
|
page read and write
|
||
|
B1EF000
|
heap
|
page read and write
|
||
|
BCE3000
|
heap
|
page read and write
|
||
|
B8C5000
|
heap
|
page read and write
|
||
|
B78B000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
B1EC000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
116F000
|
heap
|
page read and write
|
||
|
B277000
|
heap
|
page read and write
|
||
|
B6E0000
|
heap
|
page read and write
|
||
|
1202000
|
heap
|
page read and write
|
||
|
8720000
|
heap
|
page read and write
|
||
|
8803000
|
heap
|
page read and write
|
||
|
8831000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
8772000
|
heap
|
page read and write
|
||
|
877A000
|
heap
|
page read and write
|
||
|
775E000
|
heap
|
page read and write
|
||
|
11F7000
|
heap
|
page read and write
|
||
|
B1EA000
|
heap
|
page read and write
|
||
|
B1E3000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
115C000
|
heap
|
page read and write
|
||
|
8776000
|
heap
|
page read and write
|
||
|
116B000
|
heap
|
page read and write
|
||
|
8776000
|
heap
|
page read and write
|
||
|
41F2000
|
heap
|
page read and write
|
||
|
B1E6000
|
heap
|
page read and write
|
||
|
B8A9000
|
heap
|
page read and write
|
||
|
115C000
|
heap
|
page read and write
|
||
|
BCED000
|
heap
|
page read and write
|
||
|
113D000
|
heap
|
page read and write
|
||
|
B89E000
|
heap
|
page read and write
|
||
|
B216000
|
heap
|
page read and write
|
||
|
B204000
|
heap
|
page read and write
|
||
|
1230000
|
heap
|
page read and write
|
||
|
116B000
|
heap
|
page read and write
|
||
|
B1E4000
|
heap
|
page read and write
|
||
|
116B000
|
heap
|
page read and write
|
||
|
B78E000
|
heap
|
page read and write
|
||
|
B1E1000
|
heap
|
page read and write
|
||
|
B8A4000
|
heap
|
page read and write
|
||
|
B231000
|
heap
|
page read and write
|
||
|
113D000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
877D000
|
heap
|
page read and write
|
||
|
877A000
|
heap
|
page read and write
|
||
|
779F000
|
heap
|
page read and write
|
||
|
11F7000
|
heap
|
page read and write
|
||
|
4205000
|
heap
|
page read and write
|
||
|
8776000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
B21F000
|
heap
|
page read and write
|
||
|
B1ED000
|
heap
|
page read and write
|
||
|
41F2000
|
heap
|
page read and write
|
||
|
B1E0000
|
heap
|
page read and write
|
||
|
116F000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
11EE000
|
heap
|
page read and write
|
||
|
B78C000
|
heap
|
page read and write
|
||
|
1156000
|
heap
|
page read and write
|
||
|
8777000
|
heap
|
page read and write
|
||
|
8824000
|
heap
|
page read and write
|
||
|
B8D5000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
8776000
|
heap
|
page read and write
|
||
|
113D000
|
heap
|
page read and write
|
||
|
4BA1000
|
heap
|
page read and write
|
||
|
4205000
|
heap
|
page read and write
|
||
|
B1E0000
|
heap
|
page read and write
|
||
|
4B8A000
|
heap
|
page read and write
|
||
|
77AE000
|
heap
|
page read and write
|
||
|
4BB3000
|
heap
|
page read and write
|
||
|
B786000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
122A000
|
heap
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
113D000
|
heap
|
page read and write
|
||
|
877C000
|
heap
|
page read and write
|
||
|
B8CF000
|
heap
|
page read and write
|
||
|
BE83000
|
heap
|
page read and write
|
||
|
AD8000
|
unkown
|
page readonly
|
||
|
BCED000
|
heap
|
page read and write
|
||
|
B1E7000
|
heap
|
page read and write
|
||
|
B1E0000
|
heap
|
page read and write
|
||
|
B8A5000
|
heap
|
page read and write
|
||
|
B30C000
|
heap
|
page read and write
|
||
|
AC5000
|
unkown
|
page readonly
|
||
|
8773000
|
heap
|
page read and write
|
||
|
4B9A000
|
heap
|
page read and write
|
||
|
BE82000
|
heap
|
page read and write
|
||
|
4BA9000
|
heap
|
page read and write
|
||
|
882E000
|
heap
|
page read and write
|
||
|
8708000
|
heap
|
page read and write
|
||
|
AD3000
|
unkown
|
page write copy
|
||
|
1140000
|
heap
|
page read and write
|
||
|
77AE000
|
heap
|
page read and write
|
||
|
BC87000
|
heap
|
page read and write
|
||
|
8776000
|
heap
|
page read and write
|
||
|
1203000
|
heap
|
page read and write
|
||
|
1D49000
|
heap
|
page read and write
|
||
|
1244000
|
heap
|
page read and write
|
||
|
8773000
|
heap
|
page read and write
|
||
|
877C000
|
heap
|
page read and write
|
||
|
4202000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
4B81000
|
heap
|
page read and write
|
||
|
115C000
|
heap
|
page read and write
|
||
|
1140000
|
heap
|
page read and write
|
||
|
122E000
|
heap
|
page read and write
|
||
|
4BAA000
|
heap
|
page read and write
|
||
|
A10000
|
unkown
|
page readonly
|
||
|
8779000
|
heap
|
page read and write
|
||
|
113D000
|
heap
|
page read and write
|
||
|
41F2000
|
heap
|
page read and write
|
||
|
877F000
|
heap
|
page read and write
|
||
|
116B000
|
heap
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
1207000
|
heap
|
page read and write
|
||
|
4BC2000
|
heap
|
page read and write
|
||
|
8771000
|
heap
|
page read and write
|
||
|
41F2000
|
heap
|
page read and write
|
||
|
B8A7000
|
heap
|
page read and write
|
||
|
8772000
|
heap
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
B6E0000
|
trusted library allocation
|
page read and write
|
||
|
41F2000
|
heap
|
page read and write
|
||
|
880C000
|
heap
|
page read and write
|
||
|
A11000
|
unkown
|
page execute read
|
||
|
B3BF000
|
heap
|
page read and write
|
||
|
1117000
|
heap
|
page read and write
|
||
|
B8B0000
|
heap
|
page read and write
|
||
|
1169000
|
heap
|
page read and write
|
||
|
BCED000
|
heap
|
page read and write
|
||
|
BC8F000
|
heap
|
page read and write
|
||
|
BC81000
|
heap
|
page read and write
|
||
|
B8AE000
|
heap
|
page read and write
|
||
|
1159000
|
heap
|
page read and write
|
There are 268 hidden memdumps, click here to show them.