Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.W32.AIDetect.malware2.20966.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Bolson210.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Efterkommelserne.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun
Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\GooCanvas-3.0.typelib
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Lib.Platform.Windows.Native.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\NMDllHost.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Nonarguable.JAP
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\SourceCodePro-Medium.otf
|
OpenType font data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\System.Net.Http.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\athcfg20U.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\audio-volume-high.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\battery-level-10-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\edit-clear-rtl.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\farme.Fej5
|
ASCII text, with very long lines, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\network-wireless-hotspot-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsaD009.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\vmmemctl.inf
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://www.nero.com
|
unknown
|
||
|
https://sectigo.com/CPS0D
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
|
unknown
|
||
|
http://scripts.sil.org/OFLSource
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://cdn.discordapp.com/attachments/963535165500588126/979323922124263434/NANO_uyUuDnXlo102.bin
|
|||
|
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
https://curl.haxx.se/docs/http-cookies.html
|
unknown
|
There are 6 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Indianerhvding
|
flbes
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ESPOUSES\Blehavers
|
Verdea209
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\ESPOUSES\Blehavers
|
Verdea209
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
28F0000
|
direct allocation
|
page execute and read and write
|
|
|
|
E5C497F000
|
stack
|
page read and write
|
||
|
13919FE0000
|
trusted library allocation
|
page read and write
|
||
|
2B17EA78000
|
heap
|
page read and write
|
||
|
13919E9E000
|
heap
|
page read and write
|
||
|
440000
|
unkown
|
page read and write
|
||
|
2A0FD510000
|
heap
|
page read and write
|
||
|
2840000
|
trusted library allocation
|
page read and write
|
||
|
13919FF0000
|
heap
|
page readonly
|
||
|
72971000
|
unkown
|
page execute read
|
||
|
55B000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
13919E58000
|
heap
|
page read and write
|
||
|
1391A090000
|
heap
|
page read and write
|
||
|
32737FA000
|
stack
|
page read and write
|
||
|
DD68EFB000
|
stack
|
page read and write
|
||
|
1391A0A0000
|
trusted library allocation
|
page read and write
|
||
|
DD68CFB000
|
stack
|
page read and write
|
||
|
13919E40000
|
trusted library allocation
|
page read and write
|
||
|
2A0FD65C000
|
heap
|
page read and write
|
||
|
3273679000
|
stack
|
page read and write
|
||
|
32735FD000
|
stack
|
page read and write
|
||
|
E5C487B000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
72976000
|
unkown
|
page readonly
|
||
|
593000
|
heap
|
page read and write
|
||
|
45D000
|
unkown
|
page read and write
|
||
|
2B17EA28000
|
heap
|
page read and write
|
||
|
2B17E8B0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1391A099000
|
heap
|
page read and write
|
||
|
520000
|
heap
|
page read and write
|
||
|
2A0FD661000
|
heap
|
page read and write
|
||
|
2A0FD708000
|
heap
|
page read and write
|
||
|
2A0FD629000
|
heap
|
page read and write
|
||
|
512000
|
heap
|
page read and write
|
||
|
327377A000
|
stack
|
page read and write
|
||
|
2A0FDE02000
|
trusted library allocation
|
page read and write
|
||
|
2DFD000
|
stack
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
1391A010000
|
trusted library allocation
|
page read and write
|
||
|
2A0FDDB0000
|
trusted library allocation
|
page read and write
|
||
|
2A0FD4B0000
|
heap
|
page read and write
|
||
|
2A0FD702000
|
heap
|
page read and write
|
||
|
2B17EA57000
|
heap
|
page read and write
|
||
|
2A0FD688000
|
heap
|
page read and write
|
||
|
2A0FD660000
|
heap
|
page read and write
|
||
|
2A0FD65B000
|
heap
|
page read and write
|
||
|
2B17E910000
|
heap
|
page read and write
|
||
|
72974000
|
unkown
|
page readonly
|
||
|
408000
|
unkown
|
page readonly
|
||
|
222F000
|
stack
|
page read and write
|
||
|
5E0000
|
trusted library allocation
|
page read and write
|
||
|
13919DC0000
|
heap
|
page read and write
|
||
|
327347B000
|
stack
|
page read and write
|
||
|
431000
|
unkown
|
page read and write
|
||
|
526000
|
heap
|
page read and write
|
||
|
13919E30000
|
trusted library allocation
|
page read and write
|
||
|
13919DA0000
|
heap
|
page read and write
|
||
|
1391A095000
|
heap
|
page read and write
|
||
|
228E000
|
stack
|
page read and write
|
||
|
13919E9E000
|
heap
|
page read and write
|
||
|
516000
|
heap
|
page read and write
|
||
|
2B17EB00000
|
heap
|
page read and write
|
||
|
2A0FD67F000
|
heap
|
page read and write
|
||
|
E5C4D7F000
|
stack
|
page read and write
|
||
|
1391A000000
|
trusted library allocation
|
page read and write
|
||
|
2A0FD700000
|
heap
|
page read and write
|
||
|
13919C70000
|
trusted library allocation
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
E5C48FF000
|
stack
|
page read and write
|
||
|
2A0FD63C000
|
heap
|
page read and write
|
||
|
13919E96000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
97E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2A0FD68E000
|
heap
|
page read and write
|
||
|
460000
|
unkown
|
page readonly
|
||
|
2A0FD613000
|
heap
|
page read and write
|
||
|
13919E9A000
|
heap
|
page read and write
|
||
|
5C0000
|
heap
|
page read and write
|
||
|
2B17F202000
|
trusted library allocation
|
page read and write
|
||
|
E5C4B7B000
|
stack
|
page read and write
|
||
|
2EFA000
|
stack
|
page read and write
|
||
|
2B17EB02000
|
heap
|
page read and write
|
||
|
2A0FD713000
|
heap
|
page read and write
|
||
|
72970000
|
unkown
|
page readonly
|
||
|
13919E9E000
|
heap
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
2B17E8A0000
|
heap
|
page read and write
|
||
|
2B17EA13000
|
heap
|
page read and write
|
||
|
2400000
|
heap
|
page read and write
|
||
|
32736FE000
|
stack
|
page read and write
|
||
|
2B17F1B0000
|
trusted library allocation
|
page read and write
|
||
|
2A0FD68C000
|
heap
|
page read and write
|
||
|
2A0FD600000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
1391AB90000
|
trusted library allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
2B17EB13000
|
heap
|
page read and write
|
||
|
986000
|
heap
|
page read and write
|
||
|
239F000
|
stack
|
page read and write
|
||
|
2A0FD4A0000
|
heap
|
page read and write
|
||
|
13919E50000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
2A0FD65E000
|
heap
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
DD687FB000
|
stack
|
page read and write
|
||
|
13919EBD000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
E5C4C77000
|
stack
|
page read and write
|
||
|
13919C60000
|
heap
|
page read and write
|
||
|
DD68AFE000
|
stack
|
page read and write
|
||
|
13919E60000
|
heap
|
page read and write
|
||
|
2B17EA3C000
|
heap
|
page read and write
|
||
|
2820000
|
trusted library allocation
|
page read and write
|
||
|
DD68DFE000
|
stack
|
page read and write
|
||
|
2830000
|
trusted library allocation
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
2404000
|
heap
|
page read and write
|
||
|
460000
|
unkown
|
page readonly
|
||
|
2B17EA00000
|
heap
|
page read and write
|
||
|
2B17EA02000
|
heap
|
page read and write
|
||
|
E5C4E7E000
|
stack
|
page read and write
|
||
|
1391A060000
|
trusted library allocation
|
page read and write
|
||
|
13919EC7000
|
heap
|
page read and write
|
||
|
2A0FD663000
|
heap
|
page read and write
|
||
|
4E8000
|
heap
|
page read and write
|
||
|
13919FA0000
|
trusted library allocation
|
page read and write
|
There are 120 hidden memdumps, click here to show them.