Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
S34C65xU.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
initial sample
|
||
|
C:\Driver\Samsung_Driver_Installer.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
 |
|
|
C:\Driver\Manual_S34C65xU\S34C65xU.cat
|
data
|
dropped
|
||
|
C:\Driver\Manual_S34C65xU\S34C65xU.icm
|
Microsoft color profile 2.2, RGB/XYZ-mntr device by SEC, 536 bytes, 14-3-2017 13:56:00, PCS, 0x3030303030303030 MD5 "Samsung
S27C90xP"
|
dropped
|
||
|
C:\Driver\Manual_S34C65xU\S34C65xU.inf
|
Windows setup INFormation
|
dropped
|
||
|
C:\Driver\S34C65xU.cat
|
data
|
dropped
|
||
|
C:\Driver\S34C65xU.icm
|
Microsoft color profile 2.2, RGB/XYZ-mntr device by SEC, 536 bytes, 14-3-2017 13:56:00, PCS, 0x3030303030303030 MD5 "Samsung
S27C90xP"
|
dropped
|
||
|
C:\Driver\S34C65xU.inf
|
Windows setup INFormation
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Samsung_Driver_I_8eed55e27c43b9c57636aa58c88d2e557d153d1_0cdd0738_c03bf17d-4e1a-409e-83ae-3bc1cc2052fe\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3508.tmp.mdmp
|
Mini DuMP crash report, 15 streams, Fri Apr 19 15:00:44 2024, 0x260521 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER38E1.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER394F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\S34C65xU.exe
|
"C:\Users\user\Desktop\S34C65xU.exe"
|
|
|
|
C:\Driver\Samsung_Driver_Installer.exe
|
"C:\Driver\Samsung_Driver_Installer.exe"
|
|
|
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 4560 -s 1800
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://fontfabrik.com
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-jones.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 17 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
ProgramId
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
FileId
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
LongPathHash
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
Name
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
OriginalFileName
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
Publisher
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
Version
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
BinFileVersion
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
BinaryType
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
ProductName
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
ProductVersion
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
LinkDate
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
BinProductVersion
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
Size
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
Language
|
||
|
\REGISTRY\A\{c9f68713-5e4d-8ca6-f919-9e87f3855f5d}\Root\InventoryApplicationFile\samsung_driver_i|2c0667a1a55b5e67
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00B92EA0FCD
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
5F8000
|
heap
|
page read and write
|
||
|
60E000
|
unkown
|
page readonly
|
||
|
618000
|
heap
|
page read and write
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
2908000
|
heap
|
page read and write
|
||
|
459000
|
unkown
|
page execute and write copy
|
||
|
2C92000
|
trusted library allocation
|
page read and write
|
||
|
60F000
|
heap
|
page read and write
|
||
|
2909000
|
heap
|
page read and write
|
||
|
2C9A000
|
trusted library allocation
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
64E000
|
heap
|
page read and write
|
||
|
499C000
|
stack
|
page read and write
|
||
|
1B9EC000
|
stack
|
page read and write
|
||
|
80E000
|
stack
|
page read and write
|
||
|
1F74B000
|
stack
|
page read and write
|
||
|
5F8000
|
heap
|
page read and write
|
||
|
4AC0000
|
trusted library allocation
|
page read and write
|
||
|
F2E000
|
stack
|
page read and write
|
||
|
1D0EA000
|
trusted library allocation
|
page read and write
|
||
|
2C01000
|
trusted library allocation
|
page read and write
|
||
|
46DF000
|
stack
|
page read and write
|
||
|
28BE000
|
stack
|
page read and write
|
||
|
AD3000
|
heap
|
page read and write
|
||
|
2306000
|
heap
|
page read and write
|
||
|
1B893000
|
heap
|
page read and write
|
||
|
F86000
|
heap
|
page read and write
|
||
|
7FF9D1C72000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF9D1D2A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2911000
|
heap
|
page read and write
|
||
|
7FF9D1D35000
|
trusted library allocation
|
page read and write
|
||
|
2E0000
|
unkown
|
page readonly
|
||
|
640000
|
heap
|
page read and write
|
||
|
436E000
|
stack
|
page read and write
|
||
|
1D3FE000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page read and write
|
||
|
7FF9D1DAC000
|
trusted library allocation
|
page read and write
|
||
|
627000
|
heap
|
page read and write
|
||
|
7FF9D1C62000
|
trusted library allocation
|
page execute and read and write
|
||
|
446F000
|
stack
|
page read and write
|
||
|
AFA000
|
heap
|
page read and write
|
||
|
AB5000
|
heap
|
page read and write
|
||
|
2404000
|
heap
|
page read and write
|
||
|
1B610000
|
heap
|
page read and write
|
||
|
9A000
|
stack
|
page read and write
|
||
|
ADB000
|
heap
|
page read and write
|
||
|
2912000
|
heap
|
page read and write
|
||
|
659000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
605000
|
heap
|
page read and write
|
||
|
7FF9D1D3A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2908000
|
heap
|
page read and write
|
||
|
1F220000
|
trusted library allocation
|
page read and write
|
||
|
70E000
|
stack
|
page read and write
|
||
|
FD5000
|
heap
|
page read and write
|
||
|
7FF9D1C86000
|
trusted library allocation
|
page read and write
|
||
|
283E000
|
stack
|
page read and write
|
||
|
611000
|
heap
|
page read and write
|
||
|
1CEE8000
|
trusted library allocation
|
page read and write
|
||
|
20000
|
trusted library allocation
|
page read and write
|
||
|
94F000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1BAD5000
|
heap
|
page read and write
|
||
|
1B720000
|
heap
|
page read and write
|
||
|
5F4000
|
heap
|
page read and write
|
||
|
7FF9D1E00000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF9D1CC4000
|
trusted library allocation
|
page execute and read and write
|
||
|
1F010000
|
trusted library allocation
|
page read and write
|
||
|
617000
|
heap
|
page read and write
|
||
|
B45000
|
heap
|
page read and write
|
||
|
1F020000
|
heap
|
page read and write
|
||
|
7FF9D1D3D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D4FE000
|
stack
|
page read and write
|
||
|
84E000
|
stack
|
page read and write
|
||
|
2909000
|
heap
|
page read and write
|
||
|
1BA90000
|
heap
|
page read and write
|
||
|
7FF9D1D30000
|
trusted library allocation
|
page read and write
|
||
|
1BAE0000
|
heap
|
page read and write
|
||
|
7FF9D1C6A000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CEE1000
|
trusted library allocation
|
page read and write
|
||
|
1BB62000
|
heap
|
page read and write
|
||
|
1F79B000
|
trusted library allocation
|
page read and write
|
||
|
287E000
|
stack
|
page read and write
|
||
|
1D5000
|
heap
|
page read and write
|
||
|
1F340000
|
trusted library section
|
page read and write
|
||
|
60B000
|
heap
|
page read and write
|
||
|
644000
|
heap
|
page read and write
|
||
|
12C05000
|
trusted library allocation
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
632000
|
heap
|
page read and write
|
||
|
7FF9D1C70000
|
trusted library allocation
|
page read and write
|
||
|
1B4DE000
|
stack
|
page read and write
|
||
|
AD5000
|
heap
|
page read and write
|
||
|
47C000
|
unkown
|
page execute and read and write
|
||
|
5DA000
|
heap
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
1BAB0000
|
heap
|
page execute and read and write
|
||
|
1B743000
|
heap
|
page read and write
|
||
|
1F7E0000
|
trusted library allocation
|
page read and write
|
||
|
2C96000
|
trusted library allocation
|
page read and write
|
||
|
7FF9D1E40000
|
trusted library allocation
|
page read and write
|
||
|
485E000
|
stack
|
page read and write
|
||
|
A55000
|
heap
|
page read and write
|
||
|
647000
|
heap
|
page read and write
|
||
|
7FF4724C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CBE0000
|
heap
|
page read and write
|
||
|
1D0E0000
|
trusted library allocation
|
page read and write
|
||
|
AD0000
|
heap
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
62B000
|
heap
|
page read and write
|
||
|
1B880000
|
trusted library allocation
|
page read and write
|
||
|
2912000
|
heap
|
page read and write
|
||
|
4A9C000
|
stack
|
page read and write
|
||
|
A9A000
|
heap
|
page read and write
|
||
|
E2E000
|
stack
|
page read and write
|
||
|
495F000
|
stack
|
page read and write
|
||
|
1BB30000
|
heap
|
page read and write
|
||
|
481F000
|
stack
|
page read and write
|
||
|
1F790000
|
trusted library allocation
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
7FF4724D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
64B000
|
heap
|
page read and write
|
||
|
2900000
|
heap
|
page read and write
|
||
|
1D2FE000
|
stack
|
page read and write
|
||
|
12C07000
|
trusted library allocation
|
page read and write
|
||
|
65C000
|
heap
|
page read and write
|
||
|
A20000
|
heap
|
page read and write
|
||
|
488000
|
unkown
|
page write copy
|
||
|
1F0D0000
|
heap
|
page read and write
|
||
|
1CEC6000
|
trusted library allocation
|
page read and write
|
||
|
2911000
|
heap
|
page read and write
|
||
|
7FF9D1DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
486000
|
unkown
|
page execute and read and write
|
||
|
609000
|
heap
|
page read and write
|
||
|
471E000
|
stack
|
page read and write
|
||
|
7D0000
|
heap
|
page read and write
|
||
|
45DE000
|
stack
|
page read and write
|
||
|
2911000
|
heap
|
page read and write
|
||
|
F80000
|
heap
|
page read and write
|
||
|
2911000
|
heap
|
page read and write
|
||
|
A6D000
|
heap
|
page read and write
|
||
|
2912000
|
heap
|
page read and write
|
||
|
1B8D0000
|
trusted library section
|
page readonly
|
||
|
495000
|
unkown
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
11A3000
|
heap
|
page execute and read and write
|
||
|
1D1FB000
|
stack
|
page read and write
|
||
|
1D0F0000
|
trusted library allocation
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
28F0000
|
heap
|
page read and write
|
||
|
B4F000
|
heap
|
page read and write
|
||
|
2908000
|
heap
|
page read and write
|
||
|
11A0000
|
heap
|
page execute and read and write
|
||
|
7FF9D1C93000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B71E000
|
stack
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
1B890000
|
heap
|
page read and write
|
||
|
27C0000
|
heap
|
page read and write
|
||
|
7FF9D1E20000
|
trusted library allocation
|
page execute and read and write
|
||
|
61C000
|
heap
|
page read and write
|
||
|
2400000
|
heap
|
page read and write
|
||
|
2907000
|
heap
|
page read and write
|
||
|
A8F000
|
stack
|
page read and write
|
||
|
F83000
|
heap
|
page read and write
|
||
|
2911000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
7FF9D1C80000
|
trusted library allocation
|
page read and write
|
||
|
B56000
|
heap
|
page read and write
|
||
|
7FF9D1E30000
|
trusted library allocation
|
page execute and read and write
|
||
|
1BAF0000
|
heap
|
page read and write
|
||
|
2E2000
|
unkown
|
page readonly
|
||
|
1CD02000
|
trusted library allocation
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
7FF9D1E10000
|
trusted library allocation
|
page read and write
|
||
|
1BAD0000
|
heap
|
page read and write
|
||
|
7FF9D1DA0000
|
trusted library allocation
|
page read and write
|
||
|
1D510000
|
heap
|
page read and write
|
||
|
12C01000
|
trusted library allocation
|
page read and write
|
||
|
2760000
|
heap
|
page read and write
|
||
|
1B8E0000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
638000
|
heap
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
1F7E4000
|
trusted library allocation
|
page read and write
|
||
|
B2D000
|
heap
|
page read and write
|
||
|
7FF9D1C8F000
|
trusted library allocation
|
page execute and read and write
|
||
|
A50000
|
heap
|
page read and write
|
||
|
1D0E4000
|
trusted library allocation
|
page read and write
|
||
|
7FF9D1D62000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF9D1DF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF9D1D22000
|
trusted library allocation
|
page execute and read and write
|
||
|
626000
|
heap
|
page read and write
|
||
|
1D500000
|
trusted library allocation
|
page read and write
|
||
|
D2E000
|
stack
|
page read and write
|
||
|
5DE000
|
heap
|
page read and write
|
||
|
755000
|
stack
|
page read and write
|
||
|
1B748000
|
heap
|
page read and write
|
||
|
1CCE0000
|
trusted library allocation
|
page read and write
|
||
|
2E0000
|
unkown
|
page readonly
|
||
|
1B75C000
|
heap
|
page read and write
|
||
|
1B5DE000
|
stack
|
page read and write
|
||
|
2909000
|
heap
|
page read and write
|
||
|
1CEBE000
|
trusted library allocation
|
page read and write
|
||
|
653000
|
heap
|
page read and write
|
There are 197 hidden memdumps, click here to show them.