Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
INVOICE.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Arteriagra2.Syr
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\BCGCBProRes_it-IT.nls
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\System.Runtime.Handles.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\System.Threading.dll
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\alnicoes.til
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\drive-harddisk-usb-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\go-bottom-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsg5565.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\updater.ini
|
Windows setup INFormation, UTF-8 Unicode text, with very long lines
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-trash-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\INVOICE.exe
|
"C:\Users\user\Desktop\INVOICE.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://cdn.discordapp.com/attachments/963535165500588126/978282265127825408/NANOBIN_HBsjI150.bin
|
|||
|
https://github.com/dotnet/runtimeBSJB
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://mozilla.org/MPL/2.0/.
|
unknown
|
||
|
https://github.com/dotnet/runtime
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\heliolitidae
|
Tndt228
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\neoplatonic\Harlekinsommerfugl6
|
unportentous
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sptte210\Prjudicerer211
|
Expand String Value
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
29F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
42C000
|
unkown
|
page read and write
|
||
|
279CE9D0000
|
trusted library allocation
|
page read and write
|
||
|
2135BE00000
|
heap
|
page read and write
|
||
|
249F60A0000
|
heap
|
page read and write
|
||
|
232C416F000
|
heap
|
page read and write
|
||
|
662000
|
heap
|
page read and write
|
||
|
232C364D000
|
heap
|
page read and write
|
||
|
279CE9E5000
|
heap
|
page read and write
|
||
|
249F6100000
|
heap
|
page read and write
|
||
|
232C3702000
|
heap
|
page read and write
|
||
|
45F000
|
unkown
|
page readonly
|
||
|
232C41BB000
|
heap
|
page read and write
|
||
|
232C41A5000
|
heap
|
page read and write
|
||
|
2135BF02000
|
heap
|
page read and write
|
||
|
279CE870000
|
heap
|
page read and write
|
||
|
232C3654000
|
heap
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
249F6313000
|
heap
|
page read and write
|
||
|
232C36BE000
|
heap
|
page read and write
|
||
|
232C41BB000
|
heap
|
page read and write
|
||
|
2135BE4F000
|
heap
|
page read and write
|
||
|
239D000
|
stack
|
page read and write
|
||
|
2A21185B000
|
heap
|
page read and write
|
||
|
2A211802000
|
heap
|
page read and write
|
||
|
2A211800000
|
heap
|
page read and write
|
||
|
2A211610000
|
heap
|
page read and write
|
||
|
E0DAF7F000
|
stack
|
page read and write
|
||
|
232C364F000
|
heap
|
page read and write
|
||
|
232C4197000
|
heap
|
page read and write
|
||
|
2135BE7A000
|
heap
|
page read and write
|
||
|
2135BD20000
|
heap
|
page read and write
|
||
|
E0DB2FB000
|
stack
|
page read and write
|
||
|
249F6213000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
D2206FF000
|
stack
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
2A211710000
|
trusted library allocation
|
page read and write
|
||
|
668000
|
heap
|
page read and write
|
||
|
279CF7A0000
|
trusted library allocation
|
page read and write
|
||
|
545000
|
heap
|
page read and write
|
||
|
232C3664000
|
heap
|
page read and write
|
||
|
E0DAFFD000
|
stack
|
page read and write
|
||
|
232C3629000
|
heap
|
page read and write
|
||
|
232C416F000
|
heap
|
page read and write
|
||
|
2A2115B0000
|
heap
|
page read and write
|
||
|
279CE8B6000
|
heap
|
page read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
2A211878000
|
heap
|
page read and write
|
||
|
279CF540000
|
trusted library allocation
|
page read and write
|
||
|
1CFFC906000
|
heap
|
page read and write
|
||
|
232C3659000
|
heap
|
page read and write
|
||
|
232C416F000
|
heap
|
page read and write
|
||
|
249F6289000
|
heap
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
D5A2BEB000
|
stack
|
page read and write
|
||
|
279CE8BE000
|
heap
|
page read and write
|
||
|
431000
|
unkown
|
page read and write
|
||
|
E0DAEFB000
|
stack
|
page read and write
|
||
|
232C3570000
|
heap
|
page read and write
|
||
|
279CE6F0000
|
heap
|
page read and write
|
||
|
232C3600000
|
heap
|
page read and write
|
||
|
249F6291000
|
heap
|
page read and write
|
||
|
1CFFC918000
|
heap
|
page read and write
|
||
|
F3066FC000
|
stack
|
page read and write
|
||
|
1CFFC937000
|
heap
|
page read and write
|
||
|
232C35D0000
|
heap
|
page read and write
|
||
|
2135BE4A000
|
heap
|
page read and write
|
||
|
2135BE3C000
|
heap
|
page read and write
|
||
|
249F6200000
|
heap
|
page read and write
|
||
|
232C3560000
|
heap
|
page read and write
|
||
|
2135BE70000
|
heap
|
page read and write
|
||
|
232C3650000
|
heap
|
page read and write
|
||
|
232C36ED000
|
heap
|
page read and write
|
||
|
2A211900000
|
heap
|
page read and write
|
||
|
73546000
|
unkown
|
page readonly
|
||
|
249F6090000
|
heap
|
page read and write
|
||
|
279CE700000
|
trusted library allocation
|
page read and write
|
||
|
153A78000
|
stack
|
page read and write
|
||
|
232C4600000
|
heap
|
page read and write
|
||
|
4C0000
|
trusted library allocation
|
page read and write
|
||
|
D5A2F7A000
|
stack
|
page read and write
|
||
|
249F6266000
|
heap
|
page read and write
|
||
|
232C3716000
|
heap
|
page read and write
|
||
|
249F627E000
|
heap
|
page read and write
|
||
|
249F6A02000
|
trusted library allocation
|
page read and write
|
||
|
232C3F30000
|
remote allocation
|
page read and write
|
||
|
2A211902000
|
heap
|
page read and write
|
||
|
1CFFC8C0000
|
heap
|
page read and write
|
||
|
279CE9E0000
|
heap
|
page read and write
|
||
|
D5A30F9000
|
stack
|
page read and write
|
||
|
2350000
|
trusted library allocation
|
page read and write
|
||
|
232C4177000
|
heap
|
page read and write
|
||
|
249F69A0000
|
trusted library allocation
|
page read and write
|
||
|
1CFFC907000
|
heap
|
page read and write
|
||
|
232C3656000
|
heap
|
page read and write
|
||
|
1CFFC902000
|
heap
|
page read and write
|
||
|
D5A2FF9000
|
stack
|
page read and write
|
||
|
249F6262000
|
heap
|
page read and write
|
||
|
232C365A000
|
heap
|
page read and write
|
||
|
279CE9E9000
|
heap
|
page read and write
|
||
|
249F623C000
|
heap
|
page read and write
|
||
|
232C4602000
|
heap
|
page read and write
|
||
|
8B98A7F000
|
stack
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
F3067F7000
|
stack
|
page read and write
|
||
|
232C4198000
|
heap
|
page read and write
|
||
|
232C41C2000
|
heap
|
page read and write
|
||
|
232C36F6000
|
heap
|
page read and write
|
||
|
232C3F30000
|
remote allocation
|
page read and write
|
||
|
232C41D1000
|
heap
|
page read and write
|
||
|
45D000
|
unkown
|
page read and write
|
||
|
1CFFC93A000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
232C36B3000
|
heap
|
page read and write
|
||
|
232C418E000
|
heap
|
page read and write
|
||
|
15397F000
|
stack
|
page read and write
|
||
|
440000
|
unkown
|
page read and write
|
||
|
232C36E0000
|
heap
|
page read and write
|
||
|
8B98B78000
|
stack
|
page read and write
|
||
|
232C4190000
|
heap
|
page read and write
|
||
|
279CE8C9000
|
heap
|
page read and write
|
||
|
232C4602000
|
heap
|
page read and write
|
||
|
ABE000
|
stack
|
page read and write
|
||
|
232C4100000
|
heap
|
page read and write
|
||
|
232C3653000
|
heap
|
page read and write
|
||
|
232C36A9000
|
heap
|
page read and write
|
||
|
D5A3179000
|
stack
|
page read and write
|
||
|
2135BF00000
|
heap
|
page read and write
|
||
|
F30647F000
|
stack
|
page read and write
|
||
|
232C4193000
|
heap
|
page read and write
|
||
|
279CE878000
|
heap
|
page read and write
|
||
|
A60000
|
heap
|
page read and write
|
||
|
F306B7F000
|
stack
|
page read and write
|
||
|
279CE9F0000
|
trusted library allocation
|
page read and write
|
||
|
8B98C77000
|
stack
|
page read and write
|
||
|
305E000
|
stack
|
page read and write
|
||
|
232C414C000
|
heap
|
page read and write
|
||
|
E0DB47B000
|
stack
|
page read and write
|
||
|
232C418A000
|
heap
|
page read and write
|
||
|
1CFFC915000
|
heap
|
page read and write
|
||
|
1538FF000
|
stack
|
page read and write
|
||
|
232C41B4000
|
heap
|
page read and write
|
||
|
8B98FFA000
|
stack
|
page read and write
|
||
|
232C4190000
|
heap
|
page read and write
|
||
|
249F6268000
|
heap
|
page read and write
|
||
|
2135BD10000
|
heap
|
page read and write
|
||
|
8B9859B000
|
stack
|
page read and write
|
||
|
657000
|
heap
|
page read and write
|
||
|
232C4002000
|
heap
|
page read and write
|
||
|
232C4113000
|
heap
|
page read and write
|
||
|
F3064FF000
|
stack
|
page read and write
|
||
|
279CE8E0000
|
heap
|
page read and write
|
||
|
8B989FB000
|
stack
|
page read and write
|
||
|
2135C802000
|
trusted library allocation
|
page read and write
|
||
|
1CFFC8F0000
|
heap
|
page read and write
|
||
|
D21FEBB000
|
stack
|
page read and write
|
||
|
F3061AC000
|
stack
|
page read and write
|
||
|
1CFFC8A0000
|
heap
|
page read and write
|
||
|
1CFFC785000
|
heap
|
page read and write
|
||
|
8B9887E000
|
stack
|
page read and write
|
||
|
232C3649000
|
heap
|
page read and write
|
||
|
232C363C000
|
heap
|
page read and write
|
||
|
249F6308000
|
heap
|
page read and write
|
||
|
653000
|
heap
|
page read and write
|
||
|
E0DB577000
|
stack
|
page read and write
|
||
|
249F626B000
|
heap
|
page read and write
|
||
|
2135BF08000
|
heap
|
page read and write
|
||
|
249F6280000
|
heap
|
page read and write
|
||
|
E0DB67F000
|
stack
|
page read and write
|
||
|
D2203FB000
|
stack
|
page read and write
|
||
|
2135BDB0000
|
trusted library allocation
|
page read and write
|
||
|
232C416F000
|
heap
|
page read and write
|
||
|
279CF780000
|
trusted library allocation
|
page read and write
|
||
|
281F000
|
stack
|
page read and write
|
||
|
2135BD80000
|
heap
|
page read and write
|
||
|
232C418E000
|
heap
|
page read and write
|
||
|
2340000
|
trusted library allocation
|
page read and write
|
||
|
2A2115A0000
|
heap
|
page read and write
|
||
|
B26000
|
heap
|
page read and write
|
||
|
8B98EFE000
|
unkown
|
page read and write
|
||
|
232C41AC000
|
heap
|
page read and write
|
||
|
232C3E70000
|
trusted library allocation
|
page read and write
|
||
|
2A211913000
|
heap
|
page read and write
|
||
|
230E000
|
stack
|
page read and write
|
||
|
1CFFC93A000
|
heap
|
page read and write
|
||
|
1539F9000
|
stack
|
page read and write
|
||
|
2135BE84000
|
heap
|
page read and write
|
||
|
8B98D7F000
|
stack
|
page read and write
|
||
|
8B98E78000
|
stack
|
page read and write
|
||
|
232C364C000
|
heap
|
page read and write
|
||
|
279CE880000
|
heap
|
page read and write
|
||
|
1CFFC933000
|
heap
|
page read and write
|
||
|
232C4602000
|
heap
|
page read and write
|
||
|
2135BE29000
|
heap
|
page read and write
|
||
|
23D0000
|
heap
|
page read and write
|
||
|
232C3665000
|
heap
|
page read and write
|
||
|
232C36D7000
|
heap
|
page read and write
|
||
|
E0DB37E000
|
stack
|
page read and write
|
||
|
279CF7B0000
|
trusted library allocation
|
page read and write
|
||
|
232C3677000
|
heap
|
page read and write
|
||
|
1CFFC936000
|
heap
|
page read and write
|
||
|
232C4196000
|
heap
|
page read and write
|
||
|
279CE8BE000
|
heap
|
page read and write
|
||
|
232C3681000
|
heap
|
page read and write
|
||
|
1CFFC921000
|
heap
|
page read and write
|
||
|
1CFFC780000
|
heap
|
page read and write
|
||
|
232C4198000
|
heap
|
page read and write
|
||
|
249F6229000
|
heap
|
page read and write
|
||
|
279CF790000
|
heap
|
page readonly
|
||
|
232C3613000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
153B7C000
|
stack
|
page read and write
|
||
|
2135BE4D000
|
heap
|
page read and write
|
||
|
291F000
|
stack
|
page read and write
|
||
|
232C3F30000
|
remote allocation
|
page read and write
|
||
|
232C3708000
|
heap
|
page read and write
|
||
|
1CFFC770000
|
heap
|
page read and write
|
||
|
F3069FC000
|
stack
|
page read and write
|
||
|
279CE830000
|
heap
|
page read and write
|
||
|
232C41B1000
|
heap
|
page read and write
|
||
|
232C4190000
|
heap
|
page read and write
|
||
|
279CE850000
|
heap
|
page read and write
|
||
|
673000
|
heap
|
page read and write
|
||
|
8B988FE000
|
stack
|
page read and write
|
||
|
232C4198000
|
heap
|
page read and write
|
||
|
F3068FE000
|
stack
|
page read and write
|
||
|
249F627E000
|
heap
|
page read and write
|
||
|
B20000
|
heap
|
page read and write
|
||
|
23B4000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
73541000
|
unkown
|
page execute read
|
||
|
D5A307E000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
1CFFC919000
|
heap
|
page read and write
|
||
|
232C41B9000
|
heap
|
page read and write
|
||
|
232C4188000
|
heap
|
page read and write
|
||
|
279CF530000
|
trusted library allocation
|
page read and write
|
||
|
232C3648000
|
heap
|
page read and write
|
||
|
15387A000
|
stack
|
page read and write
|
||
|
73540000
|
unkown
|
page readonly
|
||
|
1CFFC932000
|
heap
|
page read and write
|
||
|
2A211828000
|
heap
|
page read and write
|
||
|
1CFFC913000
|
heap
|
page read and write
|
||
|
2135BE54000
|
heap
|
page read and write
|
||
|
249F6255000
|
heap
|
page read and write
|
||
|
1CFFC8FB000
|
heap
|
page read and write
|
||
|
232C36C5000
|
heap
|
page read and write
|
||
|
1CFFC921000
|
heap
|
page read and write
|
||
|
2A212002000
|
trusted library allocation
|
page read and write
|
||
|
249F6300000
|
heap
|
page read and write
|
||
|
153AFE000
|
stack
|
page read and write
|
||
|
232C4190000
|
heap
|
page read and write
|
||
|
232C410F000
|
heap
|
page read and write
|
||
|
279CE8BE000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
628000
|
heap
|
page read and write
|
||
|
1CFFC921000
|
heap
|
page read and write
|
||
|
2A211813000
|
heap
|
page read and write
|
||
|
73544000
|
unkown
|
page readonly
|
||
|
D2205FB000
|
stack
|
page read and write
|
||
|
2A21183C000
|
heap
|
page read and write
|
||
|
232C419A000
|
heap
|
page read and write
|
||
|
45F000
|
unkown
|
page readonly
|
||
|
19A000
|
stack
|
page read and write
|
||
|
F306A7F000
|
stack
|
page read and write
|
||
|
249F6302000
|
heap
|
page read and write
|
||
|
232C36A8000
|
heap
|
page read and write
|
||
|
232C364B000
|
heap
|
page read and write
|
||
|
232C3713000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
232C4175000
|
heap
|
page read and write
|
||
|
D2204FF000
|
stack
|
page read and write
|
||
|
279CF800000
|
trusted library allocation
|
page read and write
|
||
|
E0DB77F000
|
stack
|
page read and write
|
||
|
442000
|
unkown
|
page read and write
|
||
|
2135BE13000
|
heap
|
page read and write
|
||
|
232C41C2000
|
heap
|
page read and write
|
||
|
279CE9C0000
|
trusted library allocation
|
page read and write
|
||
|
232C366F000
|
heap
|
page read and write
|
||
|
2135BF13000
|
heap
|
page read and write
|
There are 273 hidden memdumps, click here to show them.