Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Ordene 501527,pdf.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\nshB62A.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes\Caesural4\Kvalitative209\FanControlWrapper.dll
|
PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes\Caesural4\Kvalitative209\Microsoft.Office.Tools.Common.v9.0.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes\Caesural4\Kvalitative209\edit-cut-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Misundes\Caesural4\Perciform\Selskabelig\Hjemmeopgaven\vrkstedsbygninger\Ricciaceae185.Inc
|
data
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Ordene 501527,pdf.exe
|
"C:\Users\user\Desktop\Ordene 501527,pdf.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2E00000
|
direct allocation
|
page execute and read and write
|
|
|
|
782000
|
unkown
|
page read and write
|
||
|
26EB7210000
|
heap
|
page read and write
|
||
|
B94000
|
heap
|
page read and write
|
||
|
25EB4D00000
|
heap
|
page read and write
|
||
|
25EAF513000
|
heap
|
page read and write
|
||
|
1B45B602000
|
trusted library allocation
|
page read and write
|
||
|
25EAF491000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
26EB6FC0000
|
trusted library allocation
|
page read and write
|
||
|
26EB7319000
|
heap
|
page read and write
|
||
|
25EB0600000
|
trusted library section
|
page readonly
|
||
|
FAB6A8C000
|
stack
|
page read and write
|
||
|
121827B0000
|
heap
|
page read and write
|
||
|
25EB4990000
|
trusted library allocation
|
page read and write
|
||
|
25EB4CEC000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
12182A67000
|
heap
|
page read and write
|
||
|
9060F7000
|
stack
|
page read and write
|
||
|
25EB4B50000
|
trusted library allocation
|
page read and write
|
||
|
25EAF400000
|
heap
|
page read and write
|
||
|
25EB4C23000
|
heap
|
page read and write
|
||
|
804000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
25EAF3C0000
|
trusted library section
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
25EB4B64000
|
trusted library allocation
|
page read and write
|
||
|
2554000
|
heap
|
page read and write
|
||
|
26EB707D000
|
heap
|
page read and write
|
||
|
B4E000
|
stack
|
page read and write
|
||
|
26EB7088000
|
heap
|
page read and write
|
||
|
25EB5000000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
26EB7030000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1B45AD02000
|
heap
|
page read and write
|
||
|
12182B02000
|
heap
|
page read and write
|
||
|
25EB4BF0000
|
trusted library allocation
|
page read and write
|
||
|
EBF47FB000
|
stack
|
page read and write
|
||
|
980000
|
heap
|
page read and write
|
||
|
EBF4A7F000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
25EAF502000
|
heap
|
page read and write
|
||
|
FAB6F7F000
|
stack
|
page read and write
|
||
|
25EAF380000
|
heap
|
page read and write
|
||
|
AB6000
|
heap
|
page read and write
|
||
|
25EB0980000
|
trusted library allocation
|
page read and write
|
||
|
786000
|
unkown
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
1B45AC00000
|
heap
|
page read and write
|
||
|
25EB4E30000
|
trusted library allocation
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
25EB4B2E000
|
trusted library allocation
|
page read and write
|
||
|
12182A49000
|
heap
|
page read and write
|
||
|
12182A4F000
|
heap
|
page read and write
|
||
|
12182A6A000
|
heap
|
page read and write
|
||
|
EBF48FE000
|
stack
|
page read and write
|
||
|
25EB4C14000
|
heap
|
page read and write
|
||
|
25EAF429000
|
heap
|
page read and write
|
||
|
10005000
|
unkown
|
page readonly
|
||
|
25EB4C64000
|
heap
|
page read and write
|
||
|
EBF45FE000
|
stack
|
page read and write
|
||
|
25EAF413000
|
heap
|
page read and write
|
||
|
3140000
|
trusted library allocation
|
page read and write
|
||
|
EBF3ECB000
|
stack
|
page read and write
|
||
|
FAB6B0F000
|
stack
|
page read and write
|
||
|
EBF43FA000
|
stack
|
page read and write
|
||
|
25EB0961000
|
trusted library allocation
|
page read and write
|
||
|
26EB7028000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
FAB7079000
|
stack
|
page read and write
|
||
|
25EAF495000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
12182A4C000
|
heap
|
page read and write
|
||
|
7A4000
|
unkown
|
page read and write
|
||
|
2BC0000
|
trusted library allocation
|
page read and write
|
||
|
1B45AC7B000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
BB3000
|
heap
|
page read and write
|
||
|
1B45AB60000
|
heap
|
page read and write
|
||
|
26EB6FB0000
|
heap
|
page read and write
|
||
|
29DE000
|
stack
|
page read and write
|
||
|
25EB4B20000
|
trusted library allocation
|
page read and write
|
||
|
25EB4A10000
|
trusted library allocation
|
page read and write
|
||
|
9061FF000
|
stack
|
page read and write
|
||
|
25EB4E80000
|
remote allocation
|
page read and write
|
||
|
EBF4AFF000
|
stack
|
page read and write
|
||
|
26EB8040000
|
trusted library allocation
|
page read and write
|
||
|
188A67B000
|
stack
|
page read and write
|
||
|
25EB4CDD000
|
heap
|
page read and write
|
||
|
1B45AC02000
|
heap
|
page read and write
|
||
|
25EAFF18000
|
heap
|
page read and write
|
||
|
1B45AB50000
|
heap
|
page read and write
|
||
|
12182A00000
|
heap
|
page read and write
|
||
|
12182A29000
|
heap
|
page read and write
|
||
|
26EB7290000
|
trusted library allocation
|
page read and write
|
||
|
26EB71F0000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
2C7D000
|
stack
|
page read and write
|
||
|
1B45ABC0000
|
heap
|
page read and write
|
||
|
26EB8060000
|
trusted library allocation
|
page read and write
|
||
|
12182A21000
|
heap
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
EBF487F000
|
stack
|
page read and write
|
||
|
2D7E000
|
stack
|
page read and write
|
||
|
12182B13000
|
heap
|
page read and write
|
||
|
BAD000
|
heap
|
page read and write
|
||
|
AB9000
|
heap
|
page read and write
|
||
|
25EB0610000
|
trusted library section
|
page readonly
|
||
|
25EB05E0000
|
trusted library section
|
page readonly
|
||
|
12182A48000
|
heap
|
page read and write
|
||
|
EBF42F7000
|
stack
|
page read and write
|
||
|
905D7E000
|
stack
|
page read and write
|
||
|
FAB6EF9000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
25EB05C0000
|
trusted library section
|
page readonly
|
||
|
1B45AD00000
|
heap
|
page read and write
|
||
|
EBF4CFE000
|
stack
|
page read and write
|
||
|
FAB6B8F000
|
stack
|
page read and write
|
||
|
26EB7E10000
|
trusted library allocation
|
page read and write
|
||
|
12182A4B000
|
heap
|
page read and write
|
||
|
12182910000
|
trusted library allocation
|
page read and write
|
||
|
7A6000
|
unkown
|
page read and write
|
||
|
25EB4E60000
|
trusted library allocation
|
page read and write
|
||
|
25EAF476000
|
heap
|
page read and write
|
||
|
7B3000
|
unkown
|
page read and write
|
||
|
26EB706E000
|
heap
|
page read and write
|
||
|
12182A13000
|
heap
|
page read and write
|
||
|
12182810000
|
heap
|
page read and write
|
||
|
905EFF000
|
stack
|
page read and write
|
||
|
25EAFE02000
|
heap
|
page read and write
|
||
|
25EB05D0000
|
trusted library section
|
page readonly
|
||
|
25EB4C50000
|
heap
|
page read and write
|
||
|
26EB7310000
|
heap
|
page read and write
|
||
|
25EB4CFD000
|
heap
|
page read and write
|
||
|
25EB4B28000
|
trusted library allocation
|
page read and write
|
||
|
EBF497F000
|
stack
|
page read and write
|
||
|
25EB4B60000
|
trusted library allocation
|
page read and write
|
||
|
905C7B000
|
stack
|
page read and write
|
||
|
2550000
|
heap
|
page read and write
|
||
|
25EAFF00000
|
heap
|
page read and write
|
||
|
7C4000
|
unkown
|
page readonly
|
||
|
26EB72F0000
|
trusted library allocation
|
page read and write
|
||
|
25EB4E80000
|
remote allocation
|
page read and write
|
||
|
25EAFF18000
|
heap
|
page read and write
|
||
|
26EB7315000
|
heap
|
page read and write
|
||
|
25EB4B50000
|
trusted library allocation
|
page read and write
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
25EAFDF0000
|
trusted library allocation
|
page read and write
|
||
|
12182A6B000
|
heap
|
page read and write
|
||
|
7C4000
|
unkown
|
page readonly
|
||
|
25EAFE15000
|
heap
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
B67000
|
heap
|
page read and write
|
||
|
26EB8050000
|
heap
|
page readonly
|
||
|
FAB6E7D000
|
stack
|
page read and write
|
||
|
26EB7280000
|
trusted library allocation
|
page read and write
|
||
|
25EB4B44000
|
trusted library allocation
|
page read and write
|
||
|
25EB4CFA000
|
heap
|
page read and write
|
||
|
25EB4C43000
|
heap
|
page read and write
|
||
|
12182A86000
|
heap
|
page read and write
|
||
|
25EAFDF3000
|
trusted library allocation
|
page read and write
|
||
|
25EB4CF9000
|
heap
|
page read and write
|
||
|
2BB0000
|
trusted library allocation
|
page read and write
|
||
|
789000
|
unkown
|
page read and write
|
||
|
25EB4B41000
|
trusted library allocation
|
page read and write
|
||
|
1B45ABF0000
|
trusted library allocation
|
page read and write
|
||
|
25EB4C30000
|
heap
|
page read and write
|
||
|
25EB0001000
|
trusted library allocation
|
page read and write
|
||
|
9062FD000
|
stack
|
page read and write
|
||
|
26EB80C0000
|
trusted library allocation
|
page read and write
|
||
|
25EB4C00000
|
heap
|
page read and write
|
||
|
25EB4B20000
|
trusted library allocation
|
page read and write
|
||
|
25EAF43D000
|
heap
|
page read and write
|
||
|
12182A64000
|
heap
|
page read and write
|
||
|
12182A65000
|
heap
|
page read and write
|
||
|
25EAF320000
|
heap
|
page read and write
|
||
|
25EB4CE2000
|
heap
|
page read and write
|
||
|
188A87E000
|
stack
|
page read and write
|
||
|
26EB7320000
|
trusted library allocation
|
page read and write
|
||
|
25EB4C80000
|
trusted library allocation
|
page read and write
|
||
|
121827A0000
|
heap
|
page read and write
|
||
|
804000
|
unkown
|
page readonly
|
||
|
188A57B000
|
stack
|
page read and write
|
||
|
12183202000
|
trusted library allocation
|
page read and write
|
||
|
12182A52000
|
heap
|
page read and write
|
||
|
2BA0000
|
trusted library allocation
|
page read and write
|
||
|
188A77E000
|
stack
|
page read and write
|
||
|
77C000
|
unkown
|
page read and write
|
||
|
EBF49FF000
|
stack
|
page read and write
|
||
|
25EB04E0000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1B45AC13000
|
heap
|
page read and write
|
||
|
12182A4D000
|
heap
|
page read and write
|
||
|
25EB4CA6000
|
heap
|
page read and write
|
||
|
25EAF479000
|
heap
|
page read and write
|
||
|
1B45AD13000
|
heap
|
page read and write
|
||
|
25EB05F0000
|
trusted library section
|
page readonly
|
||
|
FAB6FF9000
|
stack
|
page read and write
|
||
|
905CFF000
|
stack
|
page read and write
|
||
|
25EB4E80000
|
remote allocation
|
page read and write
|
||
|
905FFB000
|
stack
|
page read and write
|
||
|
25EB4C57000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
25EB4C70000
|
trusted library allocation
|
page read and write
|
||
|
9063FE000
|
stack
|
page read and write
|
||
|
25EB4CF3000
|
heap
|
page read and write
|
||
|
EBF44FB000
|
stack
|
page read and write
|
||
|
2ADF000
|
stack
|
page read and write
|
||
|
25EAFE00000
|
heap
|
page read and write
|
||
|
EBF46F9000
|
stack
|
page read and write
|
||
|
25EB4D02000
|
heap
|
page read and write
|
||
|
26EB8070000
|
trusted library allocation
|
page read and write
|
||
|
26EB706E000
|
heap
|
page read and write
|
||
|
25EAF4FF000
|
heap
|
page read and write
|
||
|
1B45AC3C000
|
heap
|
page read and write
|
||
|
25EB4A00000
|
trusted library allocation
|
page read and write
|
||
|
12182B00000
|
heap
|
page read and write
|
||
|
25EAF310000
|
heap
|
page read and write
|
||
|
930000
|
trusted library allocation
|
page read and write
|
||
|
25EAF456000
|
heap
|
page read and write
|
||
|
25EB4980000
|
trusted library allocation
|
page read and write
|
||
|
26EB7066000
|
heap
|
page read and write
|
||
|
25EB4CB7000
|
heap
|
page read and write
|
||
|
12182A50000
|
heap
|
page read and write
|
||
|
1B45AC57000
|
heap
|
page read and write
|
||
|
299F000
|
stack
|
page read and write
|
||
|
1B45AC28000
|
heap
|
page read and write
|
||
|
25EAF3B0000
|
trusted library allocation
|
page read and write
|
||
|
25EAF47B000
|
heap
|
page read and write
|
||
|
25EAF427000
|
heap
|
page read and write
|
||
|
25EB4E50000
|
trusted library allocation
|
page read and write
|
||
|
25EAF471000
|
heap
|
page read and write
|
||
|
12182A3C000
|
heap
|
page read and write
|
||
|
905E7B000
|
stack
|
page read and write
|
||
|
25EB4CA3000
|
heap
|
page read and write
|
||
|
12182B08000
|
heap
|
page read and write
|
||
|
25EB4B40000
|
trusted library allocation
|
page read and write
|
||
|
25EAF4A4000
|
heap
|
page read and write
|
||
|
25EB4E40000
|
trusted library allocation
|
page read and write
|
||
|
25EAFF02000
|
heap
|
page read and write
|
||
|
26EB706E000
|
heap
|
page read and write
|
||
|
25EAFF13000
|
heap
|
page read and write
|
||
|
25EAF48F000
|
heap
|
page read and write
|
||
|
188A27B000
|
stack
|
page read and write
|
||
|
26EB7020000
|
heap
|
page read and write
|
There are 236 hidden memdumps, click here to show them.