Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
pago.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Adventure_15.bmp
|
JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, Exif Standard: [TIFF image data,
big-endian, direntries=3], baseline, precision 8, 110x110, frames 3
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\BRUGERMSSIGE.dis
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Lovprisendes8.omb
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\System.Runtime.CompilerServices.VisualC.dll
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\application-exit-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsaB9F5.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\process-stop-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\pago.exe
|
"C:\Users\user\Desktop\pago.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.certum.pl/ctsca2021.crl0o
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
http://repository.certum.pl/ctsca2021.cer0
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://subca.ocsp-certum.com05
|
unknown
|
||
|
http://subca.ocsp-certum.com02
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
http://crl.certum.pl/ctnca2.crl0l
|
unknown
|
||
|
http://repository.certum.pl/ctnca2.cer09
|
unknown
|
||
|
https://github.com/dotnet/runtimeBSJB
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
||
|
https://github.com/dotnet/runtime
|
unknown
|
There are 3 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\udsmeltningers\niais
|
Expand String Value
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Spoofer239
|
Superaffluently171
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Skydemodstands2\Selvstndiggjort
|
Distributionsrettens
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TORNEBUSKEN\cholangiographic
|
Expand String Value
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2940000
|
direct allocation
|
page execute and read and write
|
|
|
|
732D6000
|
unkown
|
page readonly
|
||
|
1FD39A7E000
|
heap
|
page read and write
|
||
|
1FD39A3C000
|
heap
|
page read and write
|
||
|
1EDC5150000
|
trusted library allocation
|
page read and write
|
||
|
78FD4FE000
|
stack
|
page read and write
|
||
|
1FD3A270000
|
trusted library allocation
|
page read and write
|
||
|
1EDC441A000
|
heap
|
page read and write
|
||
|
1EDC42F0000
|
heap
|
page read and write
|
||
|
1F4FD663000
|
heap
|
page read and write
|
||
|
1F4FD602000
|
heap
|
page read and write
|
||
|
1FD39A29000
|
heap
|
page read and write
|
||
|
1FD39A4A000
|
heap
|
page read and write
|
||
|
1FD39B02000
|
heap
|
page read and write
|
||
|
22BF000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
1EDC4600000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1F4FD5D0000
|
trusted library allocation
|
page read and write
|
||
|
1A19A276000
|
heap
|
page read and write
|
||
|
1FD39B00000
|
heap
|
page read and write
|
||
|
29C42A00000
|
heap
|
page read and write
|
||
|
1FD39A45000
|
heap
|
page read and write
|
||
|
78FCCFB000
|
stack
|
page read and write
|
||
|
1A19AC02000
|
trusted library allocation
|
page read and write
|
||
|
29C42A7F000
|
heap
|
page read and write
|
||
|
EE352FF000
|
stack
|
page read and write
|
||
|
1FD39A88000
|
heap
|
page read and write
|
||
|
1918EAB000
|
stack
|
page read and write
|
||
|
1EDC43D8000
|
heap
|
page read and write
|
||
|
46E000
|
unkown
|
page readonly
|
||
|
46A000
|
unkown
|
page read and write
|
||
|
1F4FD600000
|
heap
|
page read and write
|
||
|
47D000
|
unkown
|
page readonly
|
||
|
1F4FE002000
|
trusted library allocation
|
page read and write
|
||
|
1A19A302000
|
heap
|
page read and write
|
||
|
29C42A8A000
|
heap
|
page read and write
|
||
|
78FD3FB000
|
stack
|
page read and write
|
||
|
29C42A02000
|
heap
|
page read and write
|
||
|
1A19A130000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
29C42A5C000
|
heap
|
page read and write
|
||
|
E24E47E000
|
stack
|
page read and write
|
||
|
1F4FD686000
|
heap
|
page read and write
|
||
|
19192F9000
|
stack
|
page read and write
|
||
|
1FD39960000
|
heap
|
page read and write
|
||
|
29C43202000
|
trusted library allocation
|
page read and write
|
||
|
1A19A23E000
|
heap
|
page read and write
|
||
|
1A19A228000
|
heap
|
page read and write
|
||
|
1FD39970000
|
heap
|
page read and write
|
||
|
29C42B02000
|
heap
|
page read and write
|
||
|
29C42B08000
|
heap
|
page read and write
|
||
|
23EF000
|
stack
|
page read and write
|
||
|
E24E4FE000
|
stack
|
page read and write
|
||
|
5D0000
|
heap
|
page read and write
|
||
|
E24E5FC000
|
stack
|
page read and write
|
||
|
E24E67F000
|
stack
|
page read and write
|
||
|
1EDC4422000
|
heap
|
page read and write
|
||
|
E24EA7F000
|
stack
|
page read and write
|
||
|
1FD39A68000
|
heap
|
page read and write
|
||
|
29C42A29000
|
heap
|
page read and write
|
||
|
EE3517E000
|
stack
|
page read and write
|
||
|
28B0000
|
trusted library allocation
|
page read and write
|
||
|
2420000
|
trusted library allocation
|
page read and write
|
||
|
732D4000
|
unkown
|
page readonly
|
||
|
1F4FD702000
|
heap
|
page read and write
|
||
|
490000
|
trusted library allocation
|
page read and write
|
||
|
9C5B3F7000
|
stack
|
page read and write
|
||
|
1FD39A67000
|
heap
|
page read and write
|
||
|
E24E1EC000
|
stack
|
page read and write
|
||
|
1F4FD540000
|
heap
|
page read and write
|
||
|
1A19A259000
|
heap
|
page read and write
|
||
|
1EDC4610000
|
trusted library allocation
|
page read and write
|
||
|
1FD399D0000
|
heap
|
page read and write
|
||
|
2F2E000
|
stack
|
page read and write
|
||
|
EE3507B000
|
stack
|
page read and write
|
||
|
247D000
|
stack
|
page read and write
|
||
|
1EDC4380000
|
heap
|
page read and write
|
||
|
1EDC5400000
|
trusted library allocation
|
page read and write
|
||
|
9EE000
|
stack
|
page read and write
|
||
|
1FD39A4B000
|
heap
|
page read and write
|
||
|
1EDC5390000
|
heap
|
page readonly
|
||
|
29C42810000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
1F4FD68E000
|
heap
|
page read and write
|
||
|
1F4FD613000
|
heap
|
page read and write
|
||
|
191927A000
|
stack
|
page read and write
|
||
|
EE355FF000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
29C42A5E000
|
heap
|
page read and write
|
||
|
9C5B4FE000
|
stack
|
page read and write
|
||
|
1EDC43E0000
|
heap
|
page read and write
|
||
|
4E8000
|
heap
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
1A19A0C0000
|
heap
|
page read and write
|
||
|
1EDC5380000
|
trusted library allocation
|
page read and write
|
||
|
1F4FD68C000
|
heap
|
page read and write
|
||
|
1EDC43D0000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
1FD3A402000
|
trusted library allocation
|
page read and write
|
||
|
78FD1FB000
|
stack
|
page read and write
|
||
|
29C42870000
|
heap
|
page read and write
|
||
|
1FD39A50000
|
heap
|
page read and write
|
||
|
46C000
|
unkown
|
page readonly
|
||
|
29C42800000
|
heap
|
page read and write
|
||
|
E24E877000
|
stack
|
page read and write
|
||
|
E24E97F000
|
stack
|
page read and write
|
||
|
1FD39A4D000
|
heap
|
page read and write
|
||
|
1EDC4609000
|
heap
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
19193F9000
|
stack
|
page read and write
|
||
|
9C5B2FB000
|
stack
|
page read and write
|
||
|
1EDC4360000
|
heap
|
page read and write
|
||
|
1FD39A00000
|
heap
|
page read and write
|
||
|
1A19A0D0000
|
heap
|
page read and write
|
||
|
1EDC4433000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
4FD000
|
heap
|
page read and write
|
||
|
2430000
|
trusted library allocation
|
page read and write
|
||
|
1EDC53B0000
|
trusted library allocation
|
page read and write
|
||
|
46C000
|
unkown
|
page readonly
|
||
|
930000
|
heap
|
page read and write
|
||
|
24A4000
|
heap
|
page read and write
|
||
|
5D5000
|
heap
|
page read and write
|
||
|
4B8000
|
heap
|
page read and write
|
||
|
1EDC4422000
|
heap
|
page read and write
|
||
|
502000
|
heap
|
page read and write
|
||
|
29C42A13000
|
heap
|
page read and write
|
||
|
1EDC45E0000
|
trusted library allocation
|
page read and write
|
||
|
1FD39A4E000
|
heap
|
page read and write
|
||
|
1FD39A62000
|
heap
|
page read and write
|
||
|
442000
|
unkown
|
page read and write
|
||
|
78FD2FB000
|
stack
|
page read and write
|
||
|
A16000
|
heap
|
page read and write
|
||
|
29C42A69000
|
heap
|
page read and write
|
||
|
E24E77B000
|
stack
|
page read and write
|
||
|
1EDC45C0000
|
trusted library allocation
|
page read and write
|
||
|
EE356FF000
|
stack
|
page read and write
|
||
|
1EDC4605000
|
heap
|
page read and write
|
||
|
EE353FB000
|
stack
|
page read and write
|
||
|
1A19A202000
|
heap
|
page read and write
|
||
|
9C5B5FE000
|
stack
|
page read and write
|
||
|
29C42A58000
|
heap
|
page read and write
|
||
|
EE354F7000
|
stack
|
page read and write
|
||
|
1FD39A64000
|
heap
|
page read and write
|
||
|
9C5B07F000
|
stack
|
page read and write
|
||
|
29C42B13000
|
heap
|
page read and write
|
||
|
1A19A213000
|
heap
|
page read and write
|
||
|
4EC000
|
heap
|
page read and write
|
||
|
1EDC53A0000
|
trusted library allocation
|
page read and write
|
||
|
1FD39B13000
|
heap
|
page read and write
|
||
|
29C42B00000
|
heap
|
page read and write
|
||
|
29C42A63000
|
heap
|
page read and write
|
||
|
1FD39A49000
|
heap
|
page read and write
|
||
|
1FD39A13000
|
heap
|
page read and write
|
||
|
1F4FD629000
|
heap
|
page read and write
|
||
|
1FD39A66000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
732D0000
|
unkown
|
page readonly
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
29C42A3C000
|
heap
|
page read and write
|
||
|
1A19A313000
|
heap
|
page read and write
|
||
|
1A19A300000
|
heap
|
page read and write
|
||
|
1EDC45D0000
|
trusted library allocation
|
page read and write
|
||
|
1EDC4300000
|
trusted library allocation
|
page read and write
|
||
|
9C5ADFC000
|
stack
|
page read and write
|
||
|
1F4FD530000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1EDC4422000
|
heap
|
page read and write
|
||
|
1A19A26C000
|
heap
|
page read and write
|
||
|
1F4FD63C000
|
heap
|
page read and write
|
||
|
29C42970000
|
trusted library allocation
|
page read and write
|
||
|
47D000
|
unkown
|
page readonly
|
||
|
191937E000
|
stack
|
page read and write
|
||
|
1F4FD5A0000
|
heap
|
page read and write
|
||
|
1FD39B08000
|
heap
|
page read and write
|
||
|
1A19A160000
|
trusted library allocation
|
page read and write
|
||
|
24A0000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
9C5B0FE000
|
stack
|
page read and write
|
||
|
EE350FE000
|
stack
|
page read and write
|
||
|
98E000
|
stack
|
page read and write
|
||
|
1FD39A44000
|
heap
|
page read and write
|
||
|
1A19A200000
|
heap
|
page read and write
|
||
|
431000
|
unkown
|
page read and write
|
||
|
732D1000
|
unkown
|
page execute read
|
||
|
46E000
|
unkown
|
page readonly
|
||
|
1F4FD713000
|
heap
|
page read and write
|
There are 181 hidden memdumps, click here to show them.