Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
cryptomator-portable-win64-1.12.3-13-setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\is-Q26BG.tmp\_isetup\_setup64.tmp
|
PE32+ executable (console) x86-64, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe
|
"C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe"
|
||
|
C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp
|
"C:\Users\user\AppData\Local\Temp\is-6E0OG.tmp\cryptomator-portable-win64-1.12.3-13-setup.tmp" /SL5="$1045A,44279211,1187328,C:\Users\user\Desktop\cryptomator-portable-win64-1.12.3-13-setup.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://cryptomator.org/.
|
unknown
|
||
|
https://github.com/portapps/cryptomator-portable
|
unknown
|
||
|
https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
|
unknown
|
||
|
https://www.remobjects.com/ps
|
unknown
|
||
|
https://www.innosetup.com/
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Owner
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
SessionHash
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
|
Sequence
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
80C000
|
heap
|
page read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
2261000
|
direct allocation
|
page read and write
|
||
|
221C000
|
direct allocation
|
page read and write
|
||
|
22B8000
|
direct allocation
|
page read and write
|
||
|
268A000
|
direct allocation
|
page read and write
|
||
|
6F4000
|
unkown
|
page readonly
|
||
|
2340000
|
heap
|
page read and write
|
||
|
37CE000
|
stack
|
page read and write
|
||
|
25B4000
|
direct allocation
|
page read and write
|
||
|
3937000
|
direct allocation
|
page read and write
|
||
|
2590000
|
direct allocation
|
page read and write
|
||
|
3B8F000
|
stack
|
page read and write
|
||
|
21FF000
|
direct allocation
|
page read and write
|
||
|
821000
|
heap
|
page read and write
|
||
|
222C000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
D80000
|
heap
|
page read and write
|
||
|
26E4000
|
direct allocation
|
page read and write
|
||
|
93000
|
stack
|
page read and write
|
||
|
70C000
|
unkown
|
page readonly
|
||
|
4EA000
|
unkown
|
page readonly
|
||
|
2614000
|
direct allocation
|
page read and write
|
||
|
6D6000
|
unkown
|
page read and write
|
||
|
590000
|
heap
|
page read and write
|
||
|
21B7000
|
direct allocation
|
page read and write
|
||
|
818000
|
heap
|
page read and write
|
||
|
7FDD6000
|
direct allocation
|
page read and write
|
||
|
25BB000
|
direct allocation
|
page read and write
|
||
|
7FDFE000
|
direct allocation
|
page read and write
|
||
|
818000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
6C7000
|
unkown
|
page write copy
|
||
|
2224000
|
direct allocation
|
page read and write
|
||
|
D90000
|
direct allocation
|
page execute and read and write
|
||
|
2666000
|
direct allocation
|
page read and write
|
||
|
266D000
|
direct allocation
|
page read and write
|
||
|
2572000
|
direct allocation
|
page read and write
|
||
|
4B7000
|
unkown
|
page write copy
|
||
|
6CE000
|
unkown
|
page read and write
|
||
|
3620000
|
direct allocation
|
page read and write
|
||
|
2286000
|
direct allocation
|
page read and write
|
||
|
22AA000
|
direct allocation
|
page read and write
|
||
|
6DE000
|
unkown
|
page readonly
|
||
|
263A000
|
direct allocation
|
page read and write
|
||
|
2E10000
|
trusted library allocation
|
page read and write
|
||
|
21F8000
|
direct allocation
|
page read and write
|
||
|
4B7000
|
unkown
|
page read and write
|
||
|
392C000
|
direct allocation
|
page read and write
|
||
|
7FE40000
|
direct allocation
|
page read and write
|
||
|
4C2000
|
unkown
|
page write copy
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2562000
|
direct allocation
|
page read and write
|
||
|
391C000
|
direct allocation
|
page read and write
|
||
|
378E000
|
stack
|
page read and write
|
||
|
4C6000
|
unkown
|
page readonly
|
||
|
25D8000
|
direct allocation
|
page read and write
|
||
|
2590000
|
direct allocation
|
page read and write
|
||
|
DB5000
|
heap
|
page read and write
|
||
|
2691000
|
direct allocation
|
page read and write
|
||
|
3620000
|
direct allocation
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
3610000
|
direct allocation
|
page read and write
|
||
|
22A3000
|
direct allocation
|
page read and write
|
||
|
6D1000
|
unkown
|
page read and write
|
||
|
25AD000
|
direct allocation
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
812000
|
heap
|
page read and write
|
||
|
3610000
|
direct allocation
|
page read and write
|
||
|
2233000
|
direct allocation
|
page read and write
|
||
|
2674000
|
direct allocation
|
page read and write
|
||
|
770000
|
heap
|
page read and write
|
||
|
4D9000
|
unkown
|
page readonly
|
||
|
219F000
|
direct allocation
|
page read and write
|
||
|
6E0000
|
unkown
|
page readonly
|
||
|
26A2000
|
direct allocation
|
page read and write
|
||
|
21C5000
|
direct allocation
|
page read and write
|
||
|
395F000
|
direct allocation
|
page read and write
|
||
|
2249000
|
direct allocation
|
page read and write
|
||
|
6DD000
|
unkown
|
page read and write
|
||
|
7C8000
|
heap
|
page read and write
|
||
|
227F000
|
direct allocation
|
page read and write
|
||
|
4C4000
|
unkown
|
page readonly
|
||
|
2D80000
|
heap
|
page read and write
|
||
|
28A0000
|
heap
|
page read and write
|
||
|
21BE000
|
direct allocation
|
page read and write
|
||
|
2241000
|
direct allocation
|
page read and write
|
||
|
260D000
|
direct allocation
|
page read and write
|
||
|
2606000
|
direct allocation
|
page read and write
|
||
|
26B0000
|
heap
|
page read and write
|
||
|
28A3000
|
heap
|
page read and write
|
||
|
5C8000
|
heap
|
page read and write
|
||
|
229C000
|
direct allocation
|
page read and write
|
||
|
3959000
|
direct allocation
|
page read and write
|
||
|
25C9000
|
direct allocation
|
page read and write
|
||
|
25C2000
|
direct allocation
|
page read and write
|
||
|
7E2000
|
heap
|
page read and write
|
||
|
DB9000
|
heap
|
page read and write
|
||
|
256A000
|
direct allocation
|
page read and write
|
||
|
2294000
|
direct allocation
|
page read and write
|
||
|
4B9000
|
unkown
|
page read and write
|
||
|
25A6000
|
direct allocation
|
page read and write
|
||
|
806000
|
heap
|
page read and write
|
||
|
52B000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
842000
|
heap
|
page read and write
|
||
|
259E000
|
direct allocation
|
page read and write
|
||
|
3646000
|
direct allocation
|
page read and write
|
||
|
2215000
|
direct allocation
|
page read and write
|
||
|
6D9000
|
unkown
|
page write copy
|
||
|
21CD000
|
direct allocation
|
page read and write
|
||
|
2597000
|
direct allocation
|
page read and write
|
||
|
21F1000
|
direct allocation
|
page read and write
|
||
|
4C0000
|
unkown
|
page read and write
|
||
|
7FD000
|
heap
|
page read and write
|
||
|
21E2000
|
direct allocation
|
page read and write
|
||
|
21E9000
|
direct allocation
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
21D4000
|
direct allocation
|
page read and write
|
||
|
75E000
|
unkown
|
page readonly
|
||
|
228D000
|
direct allocation
|
page read and write
|
||
|
2582000
|
direct allocation
|
page read and write
|
||
|
365B000
|
direct allocation
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
3A8F000
|
stack
|
page read and write
|
||
|
2658000
|
direct allocation
|
page read and write
|
||
|
25F0000
|
direct allocation
|
page read and write
|
||
|
21DB000
|
direct allocation
|
page read and write
|
||
|
2624000
|
direct allocation
|
page read and write
|
||
|
6C7000
|
unkown
|
page read and write
|
||
|
22B1000
|
direct allocation
|
page read and write
|
||
|
267A000
|
direct allocation
|
page read and write
|
||
|
7C0000
|
heap
|
page read and write
|
||
|
82D000
|
heap
|
page read and write
|
||
|
3948000
|
direct allocation
|
page read and write
|
||
|
390C000
|
direct allocation
|
page read and write
|
||
|
2268000
|
direct allocation
|
page read and write
|
||
|
2251000
|
direct allocation
|
page read and write
|
||
|
7FAF0000
|
direct allocation
|
page read and write
|
||
|
2560000
|
direct allocation
|
page read and write
|
||
|
267C000
|
direct allocation
|
page read and write
|
||
|
220D000
|
direct allocation
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
25FF000
|
direct allocation
|
page read and write
|
||
|
2632000
|
direct allocation
|
page read and write
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
2278000
|
direct allocation
|
page read and write
|
||
|
2206000
|
direct allocation
|
page read and write
|
||
|
262B000
|
direct allocation
|
page read and write
|
||
|
3928000
|
direct allocation
|
page read and write
|
||
|
25FC000
|
direct allocation
|
page read and write
|
||
|
25E8000
|
direct allocation
|
page read and write
|
||
|
38E8000
|
direct allocation
|
page read and write
|
||
|
225A000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
71D000
|
unkown
|
page readonly
|
||
|
38F3000
|
direct allocation
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
3903000
|
direct allocation
|
page read and write
|
||
|
3658000
|
direct allocation
|
page read and write
|
||
|
265F000
|
direct allocation
|
page read and write
|
||
|
2590000
|
direct allocation
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
828000
|
heap
|
page read and write
|
||
|
38DF000
|
direct allocation
|
page read and write
|
There are 156 hidden memdumps, click here to show them.