Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SC_TR11670000.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Lejningerne\Krugerite.Fri
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Kontos.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsu27C9.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Brandmurens\Antirevolutionist\Nitrosobacterium\Eliksirens\dotnet.api
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Brandmurens\Antirevolutionist\Nitrosobacterium\Eliksirens\ebook-reader.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Brandmurens\Antirevolutionist\Nitrosobacterium\Eliksirens\emblem-photos-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Brandmurens\Antirevolutionist\Nitrosobacterium\Eliksirens\font-select-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Brandmurens\Antirevolutionist\Nitrosobacterium\Eliksirens\network-wired-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Brandmurens\Antirevolutionist\Nitrosobacterium\Eliksirens\pan-start-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Fadernes\Amphiaster213\printer-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Lejningerne\AEGISIIIRadeonHelper.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Lejningerne\Cementblander.Pfe
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Lejningerne\LogoCanary.png
|
PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Lejningerne\avatar-default-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Lejningerne\be.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Lejningerne\changes-allow-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Preconstituent\Uforsonligere\Informationssystemernes\pt-br.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SC_TR11670000.exe
|
C:\Users\user\Desktop\SC_TR11670000.exe
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Shabbyish\Retablerings
|
Aphetism
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
32D0000
|
direct allocation
|
page execute and read and write
|
|
|
|
32DF000
|
heap
|
page read and write
|
|
|
|
3DCA000
|
direct allocation
|
page execute and read and write
|
|
|
|
530000
|
heap
|
page read and write
|
||
|
32D0000
|
trusted library allocation
|
page read and write
|
||
|
2849000
|
heap
|
page read and write
|
||
|
72EC0000
|
unkown
|
page readonly
|
||
|
9010000
|
trusted library allocation
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
32D0000
|
trusted library allocation
|
page read and write
|
||
|
2220000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
2840000
|
trusted library allocation
|
page read and write
|
||
|
284B000
|
heap
|
page read and write
|
||
|
20A0000
|
heap
|
page read and write
|
||
|
57E000
|
heap
|
page read and write
|
||
|
32DF000
|
heap
|
page read and write
|
||
|
83CA000
|
direct allocation
|
page execute and read and write
|
||
|
4E5000
|
heap
|
page read and write
|
||
|
567000
|
heap
|
page read and write
|
||
|
65CA000
|
direct allocation
|
page execute and read and write
|
||
|
32D0000
|
trusted library allocation
|
page read and write
|
||
|
21C0000
|
heap
|
page read and write
|
||
|
2844000
|
heap
|
page read and write
|
||
|
429000
|
unkown
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
409000
|
unkown
|
page write copy
|
||
|
401000
|
unkown
|
page execute read
|
||
|
33CA000
|
direct allocation
|
page execute and read and write
|
||
|
32DF000
|
heap
|
page read and write
|
||
|
47CA000
|
direct allocation
|
page execute and read and write
|
||
|
43A000
|
unkown
|
page readonly
|
||
|
436000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
283F000
|
stack
|
page read and write
|
||
|
5BCA000
|
direct allocation
|
page execute and read and write
|
||
|
2845000
|
heap
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
72EC3000
|
unkown
|
page readonly
|
||
|
284D000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
43A000
|
unkown
|
page readonly
|
||
|
72EC1000
|
unkown
|
page execute read
|
||
|
51CA000
|
direct allocation
|
page execute and read and write
|
||
|
433000
|
unkown
|
page read and write
|
||
|
32D0000
|
trusted library allocation
|
page read and write
|
||
|
424000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
407000
|
unkown
|
page readonly
|
||
|
213E000
|
stack
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
2250000
|
heap
|
page read and write
|
||
|
2256000
|
heap
|
page read and write
|
||
|
97000
|
stack
|
page read and write
|
||
|
235F000
|
stack
|
page read and write
|
||
|
23F4000
|
heap
|
page read and write
|
||
|
537000
|
heap
|
page read and write
|
||
|
8DCA000
|
direct allocation
|
page execute and read and write
|
||
|
2840000
|
heap
|
page read and write
|
||
|
571000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
32DF000
|
heap
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
6FCA000
|
direct allocation
|
page execute and read and write
|
||
|
2848000
|
heap
|
page read and write
|
||
|
2841000
|
heap
|
page read and write
|
||
|
72EC5000
|
unkown
|
page readonly
|
||
|
79CA000
|
direct allocation
|
page execute and read and write
|
||
|
9010000
|
trusted library allocation
|
page read and write
|
||
|
436000
|
unkown
|
page readonly
|
||
|
421000
|
unkown
|
page read and write
|
||
|
20FE000
|
stack
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
2840000
|
trusted library allocation
|
page read and write
|
||
|
9010000
|
trusted library allocation
|
page read and write
|
||
|
23F0000
|
heap
|
page read and write
|
There are 67 hidden memdumps, click here to show them.