Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SC_TR11670000.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Lejningerne\Krugerite.Fri
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Kontos.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nss6D2B.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.lck
|
very short file (no magic)
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6eb
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Brandmurens\Antirevolutionist\Nitrosobacterium\Eliksirens\dotnet.api
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Brandmurens\Antirevolutionist\Nitrosobacterium\Eliksirens\ebook-reader.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Brandmurens\Antirevolutionist\Nitrosobacterium\Eliksirens\emblem-photos-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Brandmurens\Antirevolutionist\Nitrosobacterium\Eliksirens\font-select-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Brandmurens\Antirevolutionist\Nitrosobacterium\Eliksirens\network-wired-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Brandmurens\Antirevolutionist\Nitrosobacterium\Eliksirens\pan-start-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Fadernes\Amphiaster213\printer-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Lejningerne\AEGISIIIRadeonHelper.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Lejningerne\Cementblander.Pfe
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Lejningerne\LogoCanary.png
|
PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Lejningerne\avatar-default-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Lejningerne\be.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Lejningerne\changes-allow-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Preconstituent\Uforsonligere\Informationssystemernes\pt-br.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
There are 10 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SC_TR11670000.exe
|
C:\Users\user\Desktop\SC_TR11670000.exe
|
|
|
|
C:\Users\user\Desktop\SC_TR11670000.exe
|
C:\Users\user\Desktop\SC_TR11670000.exe
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 212
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://171.22.30.147/flowe/five/fre.php
|
171.22.30.147
|
|
|
|
https://zed-unusual-activity-com.veldaeffertz.ml/CodkZc57.sea
|
188.114.97.3
|
|
|
|
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
|
unknown
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
|
unknown
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
|
unknown
|
||
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
|
unknown
|
||
|
http://www.gopher.ftp://ftp.
|
unknown
|
||
|
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
zed-unusual-activity-com.veldaeffertz.ml
|
188.114.97.3
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
171.22.30.147
|
unknown
|
Germany
|
|
|
|
188.114.97.3
|
zed-unusual-activity-com.veldaeffertz.ml
|
European Union
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Shabbyish\Retablerings
|
Aphetism
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3E2A000
|
direct allocation
|
page execute and read and write
|
|
|
|
28DD000
|
heap
|
page read and write
|
|
|
|
1660000
|
remote allocation
|
page execute and read and write
|
|
|
|
3330000
|
direct allocation
|
page execute and read and write
|
|
|
|
153CE513000
|
heap
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
760C000
|
heap
|
page read and write
|
||
|
5EA000
|
unkown
|
page execute read
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
5D5A000
|
remote allocation
|
page execute and read and write
|
||
|
5F2000
|
unkown
|
page execute read
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
1D0000
|
unclassified section
|
page readonly
|
||
|
5C2A000
|
direct allocation
|
page execute and read and write
|
||
|
20000
|
unclassified section
|
page readonly
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
43A000
|
unkown
|
page readonly
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
37400000
|
remote allocation
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
649000
|
unkown
|
page execute read
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
1FF39F9000
|
stack
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
153CE300000
|
trusted library allocation
|
page read and write
|
||
|
215A000
|
remote allocation
|
page execute and read and write
|
||
|
60000
|
direct allocation
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
436000
|
unkown
|
page readonly
|
||
|
407000
|
unkown
|
page readonly
|
||
|
153CE0A0000
|
heap
|
page read and write
|
||
|
5E0000
|
direct allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
23C0000
|
heap
|
page read and write
|
||
|
153CE500000
|
heap
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
73EC1000
|
unkown
|
page execute read
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
764C000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
355A000
|
remote allocation
|
page execute and read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
3F5A000
|
remote allocation
|
page execute and read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
436000
|
unkown
|
page readonly
|
||
|
224E000
|
stack
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
28D5000
|
heap
|
page read and write
|
||
|
1FF367E000
|
stack
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
153CE223000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
342A000
|
direct allocation
|
page execute and read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
7664000
|
heap
|
page read and write
|
||
|
699000
|
heap
|
page read and write
|
||
|
436000
|
unkown
|
page readonly
|
||
|
5F0000
|
unkown
|
page execute read
|
||
|
433000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5E8000
|
unkown
|
page execute read
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
765A000
|
heap
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
375E0000
|
trusted library allocation
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
22B5000
|
heap
|
page read and write
|
||
|
842A000
|
direct allocation
|
page execute and read and write
|
||
|
5EE000
|
unkown
|
page execute read
|
||
|
870000
|
direct allocation
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
1FF347D000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
153CE22A000
|
heap
|
page read and write
|
||
|
153CE340000
|
heap
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
90B9000
|
trusted library allocation
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
36B61000
|
heap
|
page read and write
|
||
|
153CE302000
|
trusted library allocation
|
page read and write
|
||
|
662A000
|
direct allocation
|
page execute and read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
535A000
|
remote allocation
|
page execute and read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
153CE1D0000
|
unclassified section
|
page readonly
|
||
|
7601000
|
heap
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
153CE513000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
153CE213000
|
unkown
|
page read and write
|
||
|
9070000
|
trusted library allocation
|
page read and write
|
||
|
766D000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
153CE315000
|
trusted library allocation
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
375DA000
|
direct allocation
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
153CE413000
|
heap
|
page read and write
|
||
|
23BF000
|
stack
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
153CE402000
|
heap
|
page read and write
|
||
|
7A2A000
|
direct allocation
|
page execute and read and write
|
||
|
375D6000
|
direct allocation
|
page read and write
|
||
|
2430000
|
heap
|
page read and write
|
||
|
153CE202000
|
unkown
|
page read and write
|
||
|
4F5000
|
heap
|
page read and write
|
||
|
2434000
|
heap
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
153CE400000
|
heap
|
page read and write
|
||
|
626000
|
unkown
|
page execute read
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
28DA000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
36B61000
|
heap
|
page read and write
|
||
|
28D3000
|
heap
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
1D0000
|
unclassified section
|
page readonly
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
28DB000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
7608000
|
heap
|
page read and write
|
||
|
153CE1A0000
|
trusted library allocation
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
73EC0000
|
unkown
|
page readonly
|
||
|
30000
|
heap
|
page read and write
|
||
|
9080000
|
trusted library allocation
|
page read and write
|
||
|
482A000
|
direct allocation
|
page execute and read and write
|
||
|
28D2000
|
heap
|
page read and write
|
||
|
153CE502000
|
heap
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
2440000
|
heap
|
page read and write
|
||
|
28D6000
|
heap
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
2B5A000
|
remote allocation
|
page execute and read and write
|
||
|
764B000
|
heap
|
page read and write
|
||
|
37400000
|
remote allocation
|
page read and write
|
||
|
495A000
|
remote allocation
|
page execute and read and write
|
||
|
9070000
|
trusted library allocation
|
page read and write
|
||
|
9070000
|
trusted library allocation
|
page read and write
|
||
|
153CE500000
|
heap
|
page read and write
|
||
|
28D1000
|
heap
|
page read and write
|
||
|
153CE1E0000
|
unclassified section
|
page readonly
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
73EC5000
|
unkown
|
page readonly
|
||
|
702A000
|
direct allocation
|
page execute and read and write
|
||
|
7662000
|
heap
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
522A000
|
direct allocation
|
page execute and read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
153CE502000
|
heap
|
page read and write
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
8E2A000
|
direct allocation
|
page execute and read and write
|
||
|
28D3000
|
heap
|
page read and write
|
||
|
153CE200000
|
unkown
|
page read and write
|
||
|
5EC000
|
unkown
|
page execute read
|
||
|
43A000
|
unkown
|
page readonly
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
7607000
|
heap
|
page read and write
|
||
|
667000
|
heap
|
page read and write
|
||
|
760C000
|
heap
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
7484000
|
heap
|
page read and write
|
||
|
28DC000
|
heap
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
43A000
|
unkown
|
page readonly
|
||
|
153CE210000
|
unkown
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
3200000
|
heap
|
page read and write
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
37400000
|
remote allocation
|
page read and write
|
||
|
424000
|
unkown
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
7652000
|
heap
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
28DC000
|
heap
|
page read and write
|
||
|
429000
|
unkown
|
page read and write
|
||
|
6A4000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
375D0000
|
direct allocation
|
page read and write
|
||
|
20000
|
unclassified section
|
page readonly
|
||
|
675A000
|
remote allocation
|
page execute and read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
175A000
|
remote allocation
|
page execute and read and write
|
||
|
22B0000
|
heap
|
page read and write
|
||
|
153CE030000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
3330000
|
trusted library allocation
|
page read and write
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
153CE20B000
|
unkown
|
page read and write
|
||
|
73EC3000
|
unkown
|
page readonly
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
375E0000
|
direct allocation
|
page read and write
|
||
|
375F0000
|
direct allocation
|
page read and write
|
||
|
28D6000
|
heap
|
page read and write
|
There are 218 hidden memdumps, click here to show them.