Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Diakonernes\Incongeniality\Ableptically\Omfattede\Iblanding\Heterodoxical.Ufo
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Diakonernes\Referenceliste\holdovers\open-menu-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TOBEN.lnk
|
MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600,
atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsaCD4C.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PO.exe
|
C:\Users\user\Desktop\PO.exe
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\One
|
Guli
|
||
|
HKEY_CURRENT_USER\Software\Lysogenicity\Afvaskning\Sphenes
|
Komponenttegninger
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Ahorntrets\Kanaima
|
Forstuvningerne
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3190000
|
direct allocation
|
page execute and read and write
|
|
|
|
469000
|
unkown
|
page read and write
|
||
|
1DB3DC3A000
|
heap
|
page read and write
|
||
|
46E000
|
unkown
|
page readonly
|
||
|
1F066113000
|
heap
|
page read and write
|
||
|
1FEE8265000
|
heap
|
page read and write
|
||
|
1FEE8275000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
1F06603E000
|
heap
|
page read and write
|
||
|
1E3037E000
|
stack
|
page read and write
|
||
|
1F9A52C0000
|
remote allocation
|
page read and write
|
||
|
4F2000
|
heap
|
page read and write
|
||
|
284457F000
|
stack
|
page read and write
|
||
|
1FEE8B02000
|
heap
|
page read and write
|
||
|
1F065FE0000
|
trusted library allocation
|
page read and write
|
||
|
1D859877000
|
heap
|
page read and write
|
||
|
107F5FC000
|
stack
|
page read and write
|
||
|
3690000
|
trusted library allocation
|
page read and write
|
||
|
A4CFEFB000
|
stack
|
page read and write
|
||
|
28272DE0000
|
trusted library allocation
|
page read and write
|
||
|
1D859844000
|
heap
|
page read and write
|
||
|
22DE000
|
stack
|
page read and write
|
||
|
28272E29000
|
heap
|
page read and write
|
||
|
1F066059000
|
heap
|
page read and write
|
||
|
1FEE8BBC000
|
heap
|
page read and write
|
||
|
107F8FC000
|
stack
|
page read and write
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
1F9A4A02000
|
heap
|
page read and write
|
||
|
1FEE8B43000
|
heap
|
page read and write
|
||
|
1D859832000
|
heap
|
page read and write
|
||
|
44F597E000
|
stack
|
page read and write
|
||
|
375D000
|
stack
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
1F066A02000
|
trusted library allocation
|
page read and write
|
||
|
1D85986F000
|
heap
|
page read and write
|
||
|
490000
|
trusted library allocation
|
page read and write
|
||
|
1DB3DC67000
|
heap
|
page read and write
|
||
|
1F9A4A52000
|
heap
|
page read and write
|
||
|
44F55BC000
|
stack
|
page read and write
|
||
|
278F000
|
stack
|
page read and write
|
||
|
1D859800000
|
heap
|
page read and write
|
||
|
28272E47000
|
heap
|
page read and write
|
||
|
1E3027E000
|
stack
|
page read and write
|
||
|
1F9A4980000
|
heap
|
page read and write
|
||
|
44F5F7E000
|
stack
|
page read and write
|
||
|
1FEE826B000
|
heap
|
page read and write
|
||
|
46C000
|
unkown
|
page readonly
|
||
|
1FEE8B94000
|
heap
|
page read and write
|
||
|
1D859841000
|
heap
|
page read and write
|
||
|
1FEE8254000
|
heap
|
page read and write
|
||
|
1D85983B000
|
heap
|
page read and write
|
||
|
28272E00000
|
heap
|
page read and write
|
||
|
1DB3DC3E000
|
heap
|
page read and write
|
||
|
1D85987A000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
1FEE8C23000
|
heap
|
page read and write
|
||
|
1D859875000
|
heap
|
page read and write
|
||
|
44F607A000
|
stack
|
page read and write
|
||
|
44F5BFB000
|
stack
|
page read and write
|
||
|
1DB3E402000
|
heap
|
page read and write
|
||
|
1FEE83B9000
|
heap
|
page read and write
|
||
|
2892000
|
trusted library allocation
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
1DB3DC89000
|
heap
|
page read and write
|
||
|
1D859865000
|
heap
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
107FE7F000
|
stack
|
page read and write
|
||
|
46E000
|
unkown
|
page readonly
|
||
|
47C000
|
unkown
|
page readonly
|
||
|
1F9A52C0000
|
remote allocation
|
page read and write
|
||
|
1F9A4A57000
|
heap
|
page read and write
|
||
|
1FEE8C27000
|
heap
|
page read and write
|
||
|
1FEE8B22000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
1E2FD8C000
|
stack
|
page read and write
|
||
|
1D85985A000
|
heap
|
page read and write
|
||
|
1D85987E000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
36A0000
|
trusted library allocation
|
page read and write
|
||
|
1FEE8258000
|
heap
|
page read and write
|
||
|
1F9A5290000
|
trusted library allocation
|
page read and write
|
||
|
1D85A202000
|
trusted library allocation
|
page read and write
|
||
|
1FEE8313000
|
heap
|
page read and write
|
||
|
1DB3DC13000
|
heap
|
page read and write
|
||
|
1D85985C000
|
heap
|
page read and write
|
||
|
1D859845000
|
heap
|
page read and write
|
||
|
1DB3DD13000
|
heap
|
page read and write
|
||
|
28272F02000
|
heap
|
page read and write
|
||
|
28272E58000
|
heap
|
page read and write
|
||
|
28447FE000
|
stack
|
page read and write
|
||
|
28272E52000
|
heap
|
page read and write
|
||
|
1FEE8292000
|
heap
|
page read and write
|
||
|
1F9A4A00000
|
heap
|
page read and write
|
||
|
B578C7E000
|
stack
|
page read and write
|
||
|
1DB3DC29000
|
heap
|
page read and write
|
||
|
1F9A4A3C000
|
heap
|
page read and write
|
||
|
284427C000
|
stack
|
page read and write
|
||
|
1FEE8213000
|
heap
|
page read and write
|
||
|
A4CFADB000
|
stack
|
page read and write
|
||
|
2843DEB000
|
stack
|
page read and write
|
||
|
107F1DC000
|
stack
|
page read and write
|
||
|
1FEE8BB0000
|
heap
|
page read and write
|
||
|
10005000
|
unkown
|
page readonly
|
||
|
640000
|
heap
|
page read and write
|
||
|
1F06602A000
|
heap
|
page read and write
|
||
|
B578D7A000
|
stack
|
page read and write
|
||
|
28272DB0000
|
heap
|
page read and write
|
||
|
1DB3DC65000
|
heap
|
page read and write
|
||
|
1FEE8B00000
|
heap
|
page read and write
|
||
|
1F065F50000
|
heap
|
page read and write
|
||
|
1FEE8BC6000
|
heap
|
page read and write
|
||
|
227E000
|
stack
|
page read and write
|
||
|
107FA7C000
|
stack
|
page read and write
|
||
|
288F000
|
stack
|
page read and write
|
||
|
1FEE8130000
|
trusted library allocation
|
page read and write
|
||
|
1F065F40000
|
heap
|
page read and write
|
||
|
1D859826000
|
heap
|
page read and write
|
||
|
1D859862000
|
heap
|
page read and write
|
||
|
A4CFFFE000
|
stack
|
page read and write
|
||
|
1DB3DCBE000
|
heap
|
page read and write
|
||
|
1D859859000
|
heap
|
page read and write
|
||
|
A4D04FE000
|
stack
|
page read and write
|
||
|
1FEE8226000
|
heap
|
page read and write
|
||
|
1F9A49F0000
|
heap
|
page read and write
|
||
|
44F5E7E000
|
stack
|
page read and write
|
||
|
1FEE8C02000
|
heap
|
page read and write
|
||
|
1FEE7FD0000
|
heap
|
page read and write
|
||
|
1FEE8B22000
|
heap
|
page read and write
|
||
|
4F6000
|
heap
|
page read and write
|
||
|
A4D06FE000
|
stack
|
page read and write
|
||
|
A4D05FE000
|
stack
|
page read and write
|
||
|
507000
|
heap
|
page read and write
|
||
|
1F9A4A29000
|
heap
|
page read and write
|
||
|
47C000
|
unkown
|
page readonly
|
||
|
28272E2F000
|
heap
|
page read and write
|
||
|
1FEE8229000
|
heap
|
page read and write
|
||
|
1D859770000
|
heap
|
page read and write
|
||
|
1D859858000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
46C000
|
unkown
|
page readonly
|
||
|
107F87E000
|
stack
|
page read and write
|
||
|
1DB3DA60000
|
heap
|
page read and write
|
||
|
1DB3E500000
|
heap
|
page read and write
|
||
|
44F59FF000
|
stack
|
page read and write
|
||
|
B578E7C000
|
stack
|
page read and write
|
||
|
1D859874000
|
heap
|
page read and write
|
||
|
1D85986D000
|
heap
|
page read and write
|
||
|
107FB7D000
|
stack
|
page read and write
|
||
|
B578F7F000
|
stack
|
page read and write
|
||
|
1FEE8030000
|
heap
|
page read and write
|
||
|
1DB3DC00000
|
heap
|
page read and write
|
||
|
1E3007E000
|
stack
|
page read and write
|
||
|
1D859868000
|
heap
|
page read and write
|
||
|
1DB3DAC0000
|
heap
|
page read and write
|
||
|
1DB3DD02000
|
heap
|
page read and write
|
||
|
1FEE8200000
|
heap
|
page read and write
|
||
|
1D85983D000
|
heap
|
page read and write
|
||
|
2890000
|
trusted library allocation
|
page read and write
|
||
|
1FEE823C000
|
heap
|
page read and write
|
||
|
1E3047E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1FEE8284000
|
heap
|
page read and write
|
||
|
385A000
|
stack
|
page read and write
|
||
|
1D859883000
|
heap
|
page read and write
|
||
|
A4D03FE000
|
stack
|
page read and write
|
||
|
1D85984E000
|
heap
|
page read and write
|
||
|
A4D07FF000
|
stack
|
page read and write
|
||
|
107FC7F000
|
stack
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
1FEE8C00000
|
heap
|
page read and write
|
||
|
2230000
|
heap
|
page read and write
|
||
|
2236000
|
heap
|
page read and write
|
||
|
1FEE8243000
|
heap
|
page read and write
|
||
|
1D8597A0000
|
trusted library allocation
|
page read and write
|
||
|
1DB3DC23000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
1F9A52C0000
|
remote allocation
|
page read and write
|
||
|
1F9A4990000
|
heap
|
page read and write
|
||
|
1F066077000
|
heap
|
page read and write
|
||
|
4DB000
|
heap
|
page read and write
|
||
|
107F9FD000
|
stack
|
page read and write
|
||
|
1D859813000
|
heap
|
page read and write
|
||
|
1F066013000
|
heap
|
page read and write
|
||
|
1FEE838E000
|
heap
|
page read and write
|
||
|
1F066000000
|
heap
|
page read and write
|
||
|
1FEE8B6D000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1E300FE000
|
stack
|
page read and write
|
||
|
42D000
|
unkown
|
page read and write
|
||
|
1D859710000
|
heap
|
page read and write
|
||
|
1D859829000
|
heap
|
page read and write
|
||
|
28272E3E000
|
heap
|
page read and write
|
||
|
28273802000
|
trusted library allocation
|
page read and write
|
||
|
1D859860000
|
heap
|
page read and write
|
||
|
107FD7D000
|
stack
|
page read and write
|
||
|
1D85985F000
|
heap
|
page read and write
|
||
|
1FEE8277000
|
heap
|
page read and write
|
||
|
1F06605B000
|
heap
|
page read and write
|
||
|
1F9A4A13000
|
heap
|
page read and write
|
||
|
1FEE8150000
|
trusted library allocation
|
page read and write
|
||
|
28272E02000
|
heap
|
page read and write
|
||
|
2290000
|
heap
|
page read and write
|
||
|
28272E13000
|
heap
|
page read and write
|
||
|
1D859700000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
1DB3DCCF000
|
heap
|
page read and write
|
||
|
1D859857000
|
heap
|
page read and write
|
||
|
A4D02FD000
|
stack
|
page read and write
|
||
|
A4D00FC000
|
stack
|
page read and write
|
||
|
1E3057E000
|
stack
|
page read and write
|
||
|
1F066041000
|
heap
|
page read and write
|
||
|
44F5AFE000
|
stack
|
page read and write
|
||
|
1FEE83E5000
|
heap
|
page read and write
|
||
|
28272D60000
|
heap
|
page read and write
|
||
|
1D859848000
|
heap
|
page read and write
|
||
|
1D859840000
|
heap
|
page read and write
|
||
|
44F5D7A000
|
stack
|
page read and write
|
||
|
28272E45000
|
heap
|
page read and write
|
||
|
1D859879000
|
heap
|
page read and write
|
||
|
4ED000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
1D85987B000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
1FEE7FC0000
|
heap
|
page read and write
|
||
|
1FEE8B54000
|
heap
|
page read and write
|
||
|
1DB3DC6D000
|
heap
|
page read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2294000
|
heap
|
page read and write
|
||
|
1FEE8A02000
|
heap
|
page read and write
|
||
|
28442FE000
|
stack
|
page read and write
|
||
|
28272E3C000
|
heap
|
page read and write
|
||
|
1F9A5402000
|
trusted library allocation
|
page read and write
|
||
|
28272D50000
|
heap
|
page read and write
|
||
|
1D859902000
|
heap
|
page read and write
|
||
|
284467D000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
427000
|
unkown
|
page read and write
|
||
|
107F77E000
|
stack
|
page read and write
|
||
|
1F066055000
|
heap
|
page read and write
|
||
|
1FEE828E000
|
heap
|
page read and write
|
||
|
1FEE8BCF000
|
heap
|
page read and write
|
||
|
4B7000
|
heap
|
page read and write
|
||
|
1D85986C000
|
heap
|
page read and write
|
||
|
B578A7C000
|
stack
|
page read and write
|
||
|
28444FE000
|
stack
|
page read and write
|
||
|
1FEE8C30000
|
heap
|
page read and write
|
||
|
1DB3DBC0000
|
trusted library allocation
|
page read and write
|
||
|
44F5C79000
|
stack
|
page read and write
|
||
|
1F065FB0000
|
heap
|
page read and write
|
||
|
1F066002000
|
heap
|
page read and write
|
||
|
1DB3DCC5000
|
heap
|
page read and write
|
||
|
1FEE8268000
|
heap
|
page read and write
|
||
|
1DB3DA50000
|
heap
|
page read and write
|
||
|
1FEE8C13000
|
heap
|
page read and write
|
||
|
435000
|
unkown
|
page read and write
|
||
|
1F9A4B02000
|
heap
|
page read and write
|
||
|
1DB3DCE2000
|
heap
|
page read and write
|
||
|
1D859856000
|
heap
|
page read and write
|
||
|
1D859842000
|
heap
|
page read and write
|
||
|
1F066102000
|
heap
|
page read and write
|
||
|
422000
|
unkown
|
page read and write
|
There are 252 hidden memdumps, click here to show them.