Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
TortoiseGit-2.15.0.1-Hotfix-64bit.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\is-279VF.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-C5IQ9.tmp\TortoiseGit-2.15.0.1-Hotfix-64bit.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\TortoiseGit-2.15.0.1-Hotfix-64bit.exe
|
"C:\Users\user\Desktop\TortoiseGit-2.15.0.1-Hotfix-64bit.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\is-C5IQ9.tmp\TortoiseGit-2.15.0.1-Hotfix-64bit.tmp
|
"C:\Users\user\AppData\Local\Temp\is-C5IQ9.tmp\TortoiseGit-2.15.0.1-Hotfix-64bit.tmp" /SL5="$2043C,1792279,832512,C:\Users\user\Desktop\TortoiseGit-2.15.0.1-Hotfix-64bit.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
http://repository.certum.pl/ctsca2021.cer0A
|
unknown
|
||
|
https://tortoisegit.orgQ6
|
unknown
|
||
|
http://crl.certum.pl/ctsca2021.crl0o
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://subca.ocsp-certum.com05
|
unknown
|
||
|
https://tortoisegit.org.https://tortoisegit.org.https://tortoisegit.org
|
unknown
|
||
|
https://www.remobjects.com/ps
|
unknown
|
||
|
http://subca.ocsp-certum.com02
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
https://www.innosetup.com/
|
unknown
|
||
|
https://tortoisegit.org
|
unknown
|
||
|
http://crl.certum.pl/ctnca2.crl0l
|
unknown
|
||
|
http://repository.certum.pl/ctnca2.cer09
|
unknown
|
||
|
http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
|
unknown
|
||
|
http://ccsca2021.ocsp-certum.com05
|
unknown
|
||
|
https://www.certum.pl/CPS0
|
unknown
|
||
|
https://tortoisegit.orgA
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
||
|
http://repository.certum.pl/ccsca2021.cer0
|
unknown
|
There are 11 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
22C3000
|
direct allocation
|
page read and write
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
9C7000
|
heap
|
page read and write
|
||
|
2240000
|
direct allocation
|
page read and write
|
||
|
4C2000
|
unkown
|
page write copy
|
||
|
2580000
|
direct allocation
|
page read and write
|
||
|
220C000
|
direct allocation
|
page read and write
|
||
|
258D000
|
direct allocation
|
page read and write
|
||
|
2271000
|
direct allocation
|
page read and write
|
||
|
2586000
|
direct allocation
|
page read and write
|
||
|
9D4000
|
heap
|
page read and write
|
||
|
227A000
|
direct allocation
|
page read and write
|
||
|
21FE000
|
direct allocation
|
page read and write
|
||
|
2561000
|
direct allocation
|
page read and write
|
||
|
22B4000
|
direct allocation
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
A0B000
|
heap
|
page read and write
|
||
|
21E1000
|
direct allocation
|
page read and write
|
||
|
25B8000
|
direct allocation
|
page read and write
|
||
|
703000
|
unkown
|
page readonly
|
||
|
4B9000
|
unkown
|
page read and write
|
||
|
2544000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2281000
|
direct allocation
|
page read and write
|
||
|
9E3000
|
heap
|
page read and write
|
||
|
2552000
|
direct allocation
|
page read and write
|
||
|
24A4000
|
direct allocation
|
page read and write
|
||
|
4C0000
|
unkown
|
page read and write
|
||
|
24DD000
|
direct allocation
|
page read and write
|
||
|
BDF000
|
stack
|
page read and write
|
||
|
21D2000
|
direct allocation
|
page read and write
|
||
|
2221000
|
direct allocation
|
page read and write
|
||
|
9BC000
|
heap
|
page read and write
|
||
|
6C9000
|
unkown
|
page read and write
|
||
|
254B000
|
direct allocation
|
page read and write
|
||
|
3490000
|
direct allocation
|
page read and write
|
||
|
9F1000
|
heap
|
page read and write
|
||
|
56E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
251F000
|
direct allocation
|
page read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
4B7000
|
unkown
|
page read and write
|
||
|
21B3000
|
direct allocation
|
page read and write
|
||
|
A03000
|
heap
|
page read and write
|
||
|
2238000
|
direct allocation
|
page read and write
|
||
|
24C8000
|
direct allocation
|
page read and write
|
||
|
9D1000
|
heap
|
page read and write
|
||
|
21DA000
|
direct allocation
|
page read and write
|
||
|
9EE000
|
heap
|
page read and write
|
||
|
34EE000
|
stack
|
page read and write
|
||
|
221A000
|
direct allocation
|
page read and write
|
||
|
259C000
|
direct allocation
|
page read and write
|
||
|
2509000
|
direct allocation
|
page read and write
|
||
|
7FB40000
|
direct allocation
|
page read and write
|
||
|
2568000
|
direct allocation
|
page read and write
|
||
|
2853000
|
heap
|
page read and write
|
||
|
352E000
|
stack
|
page read and write
|
||
|
21CB000
|
direct allocation
|
page read and write
|
||
|
9E7000
|
heap
|
page read and write
|
||
|
99F000
|
stack
|
page read and write
|
||
|
9F1000
|
heap
|
page read and write
|
||
|
3DB8000
|
direct allocation
|
page read and write
|
||
|
26D0000
|
heap
|
page read and write
|
||
|
CD5000
|
heap
|
page read and write
|
||
|
2580000
|
direct allocation
|
page read and write
|
||
|
9DF000
|
heap
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
2231000
|
direct allocation
|
page read and write
|
||
|
3DC2000
|
direct allocation
|
page read and write
|
||
|
4C4000
|
unkown
|
page readonly
|
||
|
9E5000
|
heap
|
page read and write
|
||
|
9E9000
|
heap
|
page read and write
|
||
|
A04000
|
heap
|
page read and write
|
||
|
24F8000
|
direct allocation
|
page read and write
|
||
|
22D8000
|
direct allocation
|
page read and write
|
||
|
2205000
|
direct allocation
|
page read and write
|
||
|
4B7000
|
unkown
|
page write copy
|
||
|
349B000
|
direct allocation
|
page read and write
|
||
|
9EE000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2510000
|
direct allocation
|
page read and write
|
||
|
83E000
|
stack
|
page read and write
|
||
|
9A8000
|
heap
|
page read and write
|
||
|
6C7000
|
unkown
|
page write copy
|
||
|
6D1000
|
unkown
|
page read and write
|
||
|
9D4000
|
heap
|
page read and write
|
||
|
6CE000
|
unkown
|
page read and write
|
||
|
9E8000
|
heap
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
6D9000
|
unkown
|
page write copy
|
||
|
9A0000
|
heap
|
page read and write
|
||
|
6D6000
|
unkown
|
page read and write
|
||
|
2213000
|
direct allocation
|
page read and write
|
||
|
2534000
|
direct allocation
|
page read and write
|
||
|
34A3000
|
direct allocation
|
page read and write
|
||
|
89F000
|
stack
|
page read and write
|
||
|
3490000
|
heap
|
page read and write
|
||
|
24BA000
|
direct allocation
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
9CE000
|
heap
|
page read and write
|
||
|
6DE000
|
unkown
|
page readonly
|
||
|
3480000
|
direct allocation
|
page read and write
|
||
|
4C6000
|
unkown
|
page readonly
|
||
|
19D000
|
stack
|
page read and write
|
||
|
22CA000
|
direct allocation
|
page read and write
|
||
|
24CF000
|
direct allocation
|
page read and write
|
||
|
2247000
|
direct allocation
|
page read and write
|
||
|
251C000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
252D000
|
direct allocation
|
page read and write
|
||
|
2526000
|
direct allocation
|
page read and write
|
||
|
9E7000
|
heap
|
page read and write
|
||
|
3480000
|
direct allocation
|
page read and write
|
||
|
257F000
|
direct allocation
|
page read and write
|
||
|
876000
|
heap
|
page read and write
|
||
|
9E8000
|
heap
|
page read and write
|
||
|
720000
|
heap
|
page read and write
|
||
|
2680000
|
heap
|
page read and write
|
||
|
9F1000
|
heap
|
page read and write
|
||
|
21EF000
|
direct allocation
|
page read and write
|
||
|
34BF000
|
direct allocation
|
page read and write
|
||
|
6E0000
|
unkown
|
page readonly
|
||
|
870000
|
heap
|
page read and write
|
||
|
2288000
|
direct allocation
|
page read and write
|
||
|
387F000
|
stack
|
page read and write
|
||
|
A0B000
|
heap
|
page read and write
|
||
|
2269000
|
direct allocation
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
21E8000
|
direct allocation
|
page read and write
|
||
|
2480000
|
direct allocation
|
page read and write
|
||
|
34AD000
|
direct allocation
|
page read and write
|
||
|
9BF000
|
heap
|
page read and write
|
||
|
24C1000
|
direct allocation
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
2578000
|
direct allocation
|
page read and write
|
||
|
22A6000
|
direct allocation
|
page read and write
|
||
|
22AD000
|
direct allocation
|
page read and write
|
||
|
26E0000
|
direct allocation
|
page execute and read and write
|
||
|
9DF000
|
heap
|
page read and write
|
||
|
24B2000
|
direct allocation
|
page read and write
|
||
|
6BA000
|
heap
|
page read and write
|
||
|
3580000
|
heap
|
page read and write
|
||
|
9E4000
|
heap
|
page read and write
|
||
|
224E000
|
direct allocation
|
page read and write
|
||
|
2594000
|
direct allocation
|
page read and write
|
||
|
6C7000
|
unkown
|
page read and write
|
||
|
25A3000
|
direct allocation
|
page read and write
|
||
|
3490000
|
direct allocation
|
page read and write
|
||
|
6A8000
|
heap
|
page read and write
|
||
|
9EE000
|
heap
|
page read and write
|
||
|
253D000
|
direct allocation
|
page read and write
|
||
|
248C000
|
direct allocation
|
page read and write
|
||
|
CD9000
|
heap
|
page read and write
|
||
|
22D1000
|
direct allocation
|
page read and write
|
||
|
21F6000
|
direct allocation
|
page read and write
|
||
|
9C3000
|
heap
|
page read and write
|
||
|
229F000
|
direct allocation
|
page read and write
|
||
|
2261000
|
direct allocation
|
page read and write
|
||
|
97E000
|
stack
|
page read and write
|
||
|
9C5000
|
heap
|
page read and write
|
||
|
25B1000
|
direct allocation
|
page read and write
|
||
|
52E000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
24AB000
|
direct allocation
|
page read and write
|
||
|
3DD8000
|
direct allocation
|
page read and write
|
||
|
2BF0000
|
heap
|
page read and write
|
||
|
377F000
|
stack
|
page read and write
|
||
|
7FE35000
|
direct allocation
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
22BC000
|
direct allocation
|
page read and write
|
||
|
24E5000
|
direct allocation
|
page read and write
|
||
|
24D6000
|
direct allocation
|
page read and write
|
||
|
2229000
|
direct allocation
|
page read and write
|
||
|
2C80000
|
trusted library allocation
|
page read and write
|
||
|
2298000
|
direct allocation
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
255A000
|
direct allocation
|
page read and write
|
||
|
9EA000
|
heap
|
page read and write
|
||
|
25AA000
|
direct allocation
|
page read and write
|
||
|
2878000
|
direct allocation
|
page read and write
|
There are 172 hidden memdumps, click here to show them.