Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Royalistic.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\nsk1BF9.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Afdelingskontorer.Ate
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Affaldsproblem\x-office-spreadsheet.png
|
PNG image data, 16 x 16, 8-bit colormap, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Forhastelse\Kommandjsr\api-ms-win-core-processthreads-l1-1-1.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Forhastelse\Kommandjsr\api-ms-win-crt-stdio-l1-1-0.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Forhastelse\Kommandjsr\drive-multidisk.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Konini\Firsaarsfdselsdage\Whorehouse\Faithworthy\System.Xml.XmlDocument.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Konini\Firsaarsfdselsdage\Whorehouse\Faithworthy\accessories-dictionary.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Laboratories53\x-office-address-book-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Mitheithel\Homoplasy\Wice\AMD.Power.Processor.ppkg
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Paleograph\Statuskonto\Gusting\folder-new-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Paleograph\Statuskonto\Gusting\folder-templates-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Paleograph\Statuskonto\Gusting\printer-printing-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Paleograph\Statuskonto\Gusting\screen-shared-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Stinkbranden\Middagsselskaber\AsMultiLang.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Stinkbranden\Middagsselskaber\PSReadline.psd1
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
There are 7 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Royalistic.exe
|
C:\Users\user\Desktop\Royalistic.exe
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://jimmac.musichall.czif
|
unknown
|
||
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://github.com/dotnet/runtime
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
677000
|
heap
|
page read and write
|
|
|
|
4EF6000
|
direct allocation
|
page execute and read and write
|
|
|
|
408000
|
unkown
|
page readonly
|
||
|
448000
|
unkown
|
page read and write
|
||
|
414000
|
unkown
|
page read and write
|
||
|
1BD6D250000
|
trusted library allocation
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
438000
|
unkown
|
page read and write
|
||
|
80F6000
|
direct allocation
|
page execute and read and write
|
||
|
308D000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
6CF6000
|
direct allocation
|
page execute and read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
1BD6D000000
|
heap
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
1BD6D290000
|
heap
|
page read and write
|
||
|
4CB000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
62F6000
|
direct allocation
|
page execute and read and write
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
1BD6D098000
|
heap
|
page read and write
|
||
|
2370000
|
heap
|
page read and write
|
||
|
1BD6D0DE000
|
heap
|
page read and write
|
||
|
673000
|
heap
|
page read and write
|
||
|
2F8D000
|
stack
|
page read and write
|
||
|
5A44B7A000
|
stack
|
page read and write
|
||
|
1BD6D299000
|
heap
|
page read and write
|
||
|
45B000
|
unkown
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
68A000
|
heap
|
page read and write
|
||
|
4360000
|
direct allocation
|
page execute and read and write
|
||
|
1BD6D240000
|
trusted library allocation
|
page read and write
|
||
|
1BD6DD90000
|
trusted library allocation
|
page read and write
|
||
|
66A000
|
heap
|
page read and write
|
||
|
1BD6D220000
|
trusted library allocation
|
page read and write
|
||
|
68A000
|
heap
|
page read and write
|
||
|
687000
|
heap
|
page read and write
|
||
|
22AF000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1BD6D0DE000
|
heap
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
4D1000
|
unkown
|
page readonly
|
||
|
68A000
|
heap
|
page read and write
|
||
|
410000
|
unkown
|
page read and write
|
||
|
73436000
|
unkown
|
page readonly
|
||
|
1BD6D080000
|
trusted library allocation
|
page read and write
|
||
|
5A44C7E000
|
stack
|
page read and write
|
||
|
4CF000
|
unkown
|
page readonly
|
||
|
5A44BFB000
|
stack
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
2374000
|
heap
|
page read and write
|
||
|
1BD6D070000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
5A44CF9000
|
stack
|
page read and write
|
||
|
1BD6CFE0000
|
heap
|
page read and write
|
||
|
1BD6D0A0000
|
heap
|
page read and write
|
||
|
1BD6D2A0000
|
trusted library allocation
|
page read and write
|
||
|
27BF000
|
stack
|
page read and write
|
||
|
47F000
|
unkown
|
page read and write
|
||
|
1BD6D090000
|
heap
|
page read and write
|
||
|
44F6000
|
direct allocation
|
page execute and read and write
|
||
|
231E000
|
stack
|
page read and write
|
||
|
2EC0000
|
heap
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
40C000
|
unkown
|
page read and write
|
||
|
1BD6D230000
|
heap
|
page readonly
|
||
|
1BD6D295000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
73431000
|
unkown
|
page execute read
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
5A447FB000
|
stack
|
page read and write
|
||
|
8AF6000
|
direct allocation
|
page execute and read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
4CF000
|
unkown
|
page readonly
|
||
|
6A7000
|
heap
|
page read and write
|
||
|
6A7000
|
heap
|
page read and write
|
||
|
1BD6CEA0000
|
heap
|
page read and write
|
||
|
5F6000
|
heap
|
page read and write
|
||
|
1BD6CEB0000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1BD6D0DE000
|
heap
|
page read and write
|
||
|
4DF000
|
unkown
|
page readonly
|
||
|
4DF000
|
unkown
|
page readonly
|
||
|
4D1000
|
unkown
|
page readonly
|
||
|
6AB000
|
heap
|
page read and write
|
||
|
5A44D79000
|
stack
|
page read and write
|
||
|
1BD6DFB0000
|
trusted library allocation
|
page read and write
|
||
|
76F6000
|
direct allocation
|
page execute and read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
73430000
|
unkown
|
page readonly
|
||
|
73434000
|
unkown
|
page readonly
|
||
|
1BD6D1E0000
|
trusted library allocation
|
page read and write
|
||
|
68D000
|
heap
|
page read and write
|
||
|
4C7000
|
unkown
|
page read and write
|
||
|
58F6000
|
direct allocation
|
page execute and read and write
|
There are 86 hidden memdumps, click here to show them.