Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
3GJ6S3Kwnb.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Airplane_6.bmp
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=3], baseline, precision 8, 110x110, frames 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Bluetooth Suite help_SL.chm
|
MS Windows HtmlHelp Data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\DiFxAPI.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\HPPrintScanDoctorDeploymentMgr.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\NativeAdapter.dll
|
PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\REINSPECTED.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600,
atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Tilplant\stygial.exe
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Velsespladser5.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\igoAudSessionMonitor.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nszC32E.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\3GJ6S3Kwnb.exe
|
"C:\Users\user\Desktop\3GJ6S3Kwnb.exe"
|
|
|
|
C:\Users\user\Desktop\3GJ6S3Kwnb.exe
|
"C:\Users\user\Desktop\3GJ6S3Kwnb.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.bin
|
46.30.213.33
|
|
|
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.bink
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.bin-
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.binl
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.bin3
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.bin2
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.bin-3778222414-1001/
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.bink.ch/loader/amagidom
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.bintemRx9
|
unknown
|
||
|
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.binom_VRCLkUVry246.bin
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
|
unknown
|
||
|
http://www.gopher.ftp://ftp.
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.binmswsock.dll.muin
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.binvarnish
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.binwshqos.dll.mui
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.binH
|
unknown
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.binM
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.binS
|
unknown
|
||
|
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
|
unknown
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.bin8
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.bin=
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.binC
|
unknown
|
||
|
http://bprbeulentechnik.ch/loader/amagidom_VRCLkUVry246.binW9x
|
unknown
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bprbeulentechnik.ch
|
46.30.213.33
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
46.30.213.33
|
bprbeulentechnik.ch
|
Denmark
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
|
TRKAGES
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
35C0000
|
direct allocation
|
page execute and read and write
|
|
|
|
1660000
|
remote allocation
|
page execute and read and write
|
|
|
|
33D0000
|
trusted library allocation
|
page read and write
|
||
|
5EE000
|
unkown
|
page write copy
|
||
|
21705190000
|
heap
|
page read and write
|
||
|
21705D6B000
|
heap
|
page read and write
|
||
|
217054D0000
|
heap
|
page read and write
|
||
|
1A88000
|
heap
|
page read and write
|
||
|
C97597E000
|
stack
|
page read and write
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
2170527C000
|
heap
|
page read and write
|
||
|
21705D76000
|
heap
|
page read and write
|
||
|
21705213000
|
heap
|
page read and write
|
||
|
AB0E97C000
|
stack
|
page read and write
|
||
|
5EA000
|
unkown
|
page write copy
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
1D17E000
|
stack
|
page read and write
|
||
|
22726060000
|
heap
|
page read and write
|
||
|
21705297000
|
heap
|
page read and write
|
||
|
6F3000
|
heap
|
page read and write
|
||
|
437000
|
unkown
|
page read and write
|
||
|
1AD1000
|
heap
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
4C1000
|
unkown
|
page readonly
|
||
|
21705D2A000
|
heap
|
page read and write
|
||
|
1B0C000
|
heap
|
page read and write
|
||
|
22726400000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
2B2ED648000
|
heap
|
page read and write
|
||
|
21705D2E000
|
heap
|
page read and write
|
||
|
1904000
|
heap
|
page read and write
|
||
|
21705D6D000
|
heap
|
page read and write
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
2A66000
|
trusted library allocation
|
page read and write
|
||
|
6F4000
|
heap
|
page read and write
|
||
|
1D1BF000
|
stack
|
page read and write
|
||
|
3350000
|
trusted library allocation
|
page read and write
|
||
|
1D13B000
|
stack
|
page read and write
|
||
|
2A6B000
|
trusted library allocation
|
page read and write
|
||
|
6A1000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
21705120000
|
heap
|
page read and write
|
||
|
2B2ED520000
|
unclassified section
|
page readonly
|
||
|
21705D13000
|
heap
|
page read and write
|
||
|
21705D76000
|
heap
|
page read and write
|
||
|
2B2ED682000
|
heap
|
page read and write
|
||
|
217052AA000
|
heap
|
page read and write
|
||
|
21705291000
|
heap
|
page read and write
|
||
|
3CBC000
|
stack
|
page read and write
|
||
|
889717E000
|
stack
|
page read and write
|
||
|
AB0ED7C000
|
stack
|
page read and write
|
||
|
422000
|
unkown
|
page read and write
|
||
|
21705D2F000
|
heap
|
page read and write
|
||
|
435000
|
unkown
|
page read and write
|
||
|
3390000
|
trusted library allocation
|
page read and write
|
||
|
4C1000
|
unkown
|
page readonly
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
5869000
|
trusted library allocation
|
page read and write
|
||
|
227260D0000
|
heap
|
page read and write
|
||
|
21705300000
|
heap
|
page read and write
|
||
|
21705D2C000
|
heap
|
page read and write
|
||
|
6D1000
|
heap
|
page read and write
|
||
|
2B2ED631000
|
heap
|
page read and write
|
||
|
2B2ED62A000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
6C6000
|
heap
|
page read and write
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
21705C00000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6DD000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
2B2ED689000
|
heap
|
page read and write
|
||
|
2A67000
|
trusted library allocation
|
page read and write
|
||
|
2170529D000
|
heap
|
page read and write
|
||
|
21705D41000
|
heap
|
page read and write
|
||
|
70DB4000
|
unkown
|
page readonly
|
||
|
607000
|
heap
|
page read and write
|
||
|
6B1000
|
heap
|
page read and write
|
||
|
6DD000
|
heap
|
page read and write
|
||
|
1660000
|
remote allocation
|
page execute and read and write
|
||
|
2B2ED64F000
|
heap
|
page read and write
|
||
|
1900000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2B2ED410000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
70DB1000
|
unkown
|
page execute read
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
C975A7A000
|
stack
|
page read and write
|
||
|
21705D2B000
|
heap
|
page read and write
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
22726213000
|
heap
|
page read and write
|
||
|
2B2ED67D000
|
heap
|
page read and write
|
||
|
6E9000
|
heap
|
page read and write
|
||
|
21705D2C000
|
heap
|
page read and write
|
||
|
217052A8000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2A6D000
|
trusted library allocation
|
page read and write
|
||
|
22726202000
|
heap
|
page read and write
|
||
|
2B2ED655000
|
heap
|
page read and write
|
||
|
217052BB000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
3410000
|
trusted library allocation
|
page read and write
|
||
|
21705D4B000
|
heap
|
page read and write
|
||
|
566000
|
unkown
|
page write copy
|
||
|
21705200000
|
heap
|
page read and write
|
||
|
21705281000
|
heap
|
page read and write
|
||
|
217052B8000
|
heap
|
page read and write
|
||
|
8896F7E000
|
stack
|
page read and write
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
21705D74000
|
heap
|
page read and write
|
||
|
4C1000
|
unkown
|
page readonly
|
||
|
21705D70000
|
heap
|
page read and write
|
||
|
AB0000
|
trusted library allocation
|
page read and write
|
||
|
2B2ED613000
|
heap
|
page read and write
|
||
|
6AD000
|
heap
|
page read and write
|
||
|
AB0EB7B000
|
stack
|
page read and write
|
||
|
6A1000
|
heap
|
page read and write
|
||
|
3DC0000
|
trusted library allocation
|
page read and write
|
||
|
2170522A000
|
heap
|
page read and write
|
||
|
6EC000
|
heap
|
page read and write
|
||
|
21705D56000
|
heap
|
page read and write
|
||
|
2170527B000
|
heap
|
page read and write
|
||
|
1CAE1000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
408000
|
unkown
|
page readonly
|
||
|
227261E0000
|
unclassified section
|
page readonly
|
||
|
1D0000
|
unclassified section
|
page readonly
|
||
|
2272626E000
|
heap
|
page read and write
|
||
|
2A6C000
|
trusted library allocation
|
page read and write
|
||
|
6C6000
|
heap
|
page read and write
|
||
|
6A1000
|
heap
|
page read and write
|
||
|
2B2ED686000
|
heap
|
page read and write
|
||
|
427000
|
unkown
|
page read and write
|
||
|
2B2ED68B000
|
heap
|
page read and write
|
||
|
678000
|
heap
|
page read and write
|
||
|
22726200000
|
heap
|
page read and write
|
||
|
889727E000
|
stack
|
page read and write
|
||
|
1D07E000
|
stack
|
page read and write
|
||
|
6A1000
|
heap
|
page read and write
|
||
|
2930000
|
heap
|
page read and write
|
||
|
34C0000
|
trusted library allocation
|
page read and write
|
||
|
21705240000
|
heap
|
page read and write
|
||
|
21705280000
|
heap
|
page read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
2B2EDE02000
|
trusted library allocation
|
page read and write
|
||
|
6AD000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2939000
|
heap
|
page read and write
|
||
|
21705D3B000
|
heap
|
page read and write
|
||
|
21705D2E000
|
heap
|
page read and write
|
||
|
4C1000
|
unkown
|
page readonly
|
||
|
C97587F000
|
stack
|
page read and write
|
||
|
217052A8000
|
heap
|
page read and write
|
||
|
21705D2D000
|
heap
|
page read and write
|
||
|
AB0E87E000
|
stack
|
page read and write
|
||
|
282F000
|
stack
|
page read and write
|
||
|
4C1000
|
unkown
|
page readonly
|
||
|
1D0000
|
unclassified section
|
page readonly
|
||
|
8896BFB000
|
stack
|
page read and write
|
||
|
217052A6000
|
heap
|
page read and write
|
||
|
605000
|
heap
|
page read and write
|
||
|
5EC000
|
unkown
|
page write copy
|
||
|
21705D2A000
|
heap
|
page read and write
|
||
|
2A6B000
|
trusted library allocation
|
page read and write
|
||
|
6EC000
|
heap
|
page read and write
|
||
|
2B2ED68D000
|
heap
|
page read and write
|
||
|
5F2000
|
unkown
|
page write copy
|
||
|
B20000
|
heap
|
page read and write
|
||
|
21705D7C000
|
heap
|
page read and write
|
||
|
2B2ED640000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
21705D2C000
|
heap
|
page read and write
|
||
|
649000
|
unkown
|
page write copy
|
||
|
21705D7C000
|
heap
|
page read and write
|
||
|
2272627E000
|
heap
|
page read and write
|
||
|
AB0E34B000
|
stack
|
page read and write
|
||
|
2B2ED3B0000
|
heap
|
page read and write
|
||
|
21705D74000
|
heap
|
page read and write
|
||
|
2B2ED68F000
|
heap
|
page read and write
|
||
|
21705D29000
|
heap
|
page read and write
|
||
|
8896EFF000
|
stack
|
page read and write
|
||
|
B85000
|
heap
|
page read and write
|
||
|
22726302000
|
heap
|
page read and write
|
||
|
6AD000
|
heap
|
page read and write
|
||
|
21705313000
|
heap
|
page read and write
|
||
|
2B2ED530000
|
heap
|
page read and write
|
||
|
2B2ED666000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
21705D10000
|
heap
|
page read and write
|
||
|
1CBE0000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
2A64000
|
trusted library allocation
|
page read and write
|
||
|
21705D29000
|
heap
|
page read and write
|
||
|
217052B8000
|
heap
|
page read and write
|
||
|
6C6000
|
heap
|
page read and write
|
||
|
B6E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
217052A3000
|
heap
|
page read and write
|
||
|
8897379000
|
stack
|
page read and write
|
||
|
21705AA0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
70DB0000
|
unkown
|
page readonly
|
||
|
2B2ED670000
|
heap
|
page read and write
|
||
|
6B1000
|
heap
|
page read and write
|
||
|
21705297000
|
heap
|
page read and write
|
||
|
626000
|
unkown
|
page write copy
|
||
|
6AD000
|
heap
|
page read and write
|
||
|
21705274000
|
heap
|
page read and write
|
||
|
4C1000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
22726240000
|
heap
|
page read and write
|
||
|
21705282000
|
heap
|
page read and write
|
||
|
2B2ED64A000
|
heap
|
page read and write
|
||
|
B24000
|
heap
|
page read and write
|
||
|
2170526B000
|
heap
|
page read and write
|
||
|
5830000
|
trusted library allocation
|
page read and write
|
||
|
2B2ED702000
|
heap
|
page read and write
|
||
|
21705D70000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
21705302000
|
heap
|
page read and write
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
22726254000
|
heap
|
page read and write
|
||
|
21705D32000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2B2ED684000
|
heap
|
page read and write
|
||
|
B89000
|
heap
|
page read and write
|
||
|
2B2ED580000
|
trusted library allocation
|
page read and write
|
||
|
21705282000
|
heap
|
page read and write
|
||
|
21705D40000
|
heap
|
page read and write
|
||
|
1CAE0000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
1049000
|
unkown
|
page write copy
|
||
|
22726C02000
|
trusted library allocation
|
page read and write
|
||
|
1CC70000
|
heap
|
page read and write
|
||
|
37C0000
|
trusted library allocation
|
page read and write
|
||
|
21705C02000
|
heap
|
page read and write
|
||
|
2B2ED688000
|
heap
|
page read and write
|
||
|
1A80000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
227269E0000
|
trusted library allocation
|
page read and write
|
||
|
21705329000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
33D2000
|
trusted library allocation
|
page read and write
|
||
|
2B2ED67E000
|
heap
|
page read and write
|
||
|
AB0EC7C000
|
stack
|
page read and write
|
||
|
2B2ED620000
|
heap
|
page read and write
|
||
|
6C6000
|
heap
|
page read and write
|
||
|
1B00000
|
heap
|
page read and write
|
||
|
2B2ED681000
|
heap
|
page read and write
|
||
|
21705D2C000
|
heap
|
page read and write
|
||
|
217051D0000
|
unclassified section
|
page readonly
|
||
|
2B2ED63B000
|
heap
|
page read and write
|
||
|
21705D5B000
|
heap
|
page read and write
|
||
|
2B2ED68C000
|
heap
|
page read and write
|
||
|
2B2ED67F000
|
heap
|
page read and write
|
||
|
6B1000
|
heap
|
page read and write
|
||
|
6DD000
|
heap
|
page read and write
|
||
|
21705D37000
|
heap
|
page read and write
|
||
|
C9752DB000
|
stack
|
page read and write
|
||
|
6AD000
|
heap
|
page read and write
|
||
|
AB0EA7D000
|
stack
|
page read and write
|
||
|
5E8000
|
unkown
|
page write copy
|
||
|
1D0BE000
|
stack
|
page read and write
|
||
|
AB0E7F9000
|
stack
|
page read and write
|
||
|
6DD000
|
heap
|
page read and write
|
||
|
2B2ED685000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
33E0000
|
trusted library allocation
|
page read and write
|
||
|
70DB6000
|
unkown
|
page readonly
|
||
|
1D0FD000
|
stack
|
page read and write
|
||
|
6B1000
|
heap
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
1D30000
|
heap
|
page read and write
|
||
|
3DBB000
|
stack
|
page read and write
|
||
|
1ACB000
|
heap
|
page read and write
|
||
|
6DD000
|
heap
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
6B1000
|
heap
|
page read and write
|
||
|
5F0000
|
unkown
|
page write copy
|
||
|
2170525F000
|
heap
|
page read and write
|
||
|
1AE9000
|
heap
|
page read and write
|
||
|
21705D00000
|
heap
|
page read and write
|
||
|
23E0000
|
heap
|
page read and write
|
||
|
1950000
|
trusted library allocation
|
page read and write
|
||
|
21705C15000
|
heap
|
page read and write
|
||
|
6C6000
|
heap
|
page read and write
|
||
|
21705293000
|
heap
|
page read and write
|
||
|
2B2ED600000
|
heap
|
page read and write
|
||
|
2272622A000
|
heap
|
page read and write
|
||
|
21705D02000
|
heap
|
page read and write
|
There are 286 hidden memdumps, click here to show them.