Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
invoice.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Antimodernly\trever\Hovedinteressers\icon-ui.icns
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Antimodernly\trever\Hovedinteressers\lang-1059.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Ath_CoexAgent.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Diskofils\Justiciaryship\vmusbmouse.cat
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Inkshed\Mss32.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Inkshed\NMDllHost.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Stemningssvingning\Urgently.Suk
|
ASCII text, with very long lines (52812), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Udlandsrejse153\Aeroscopic\Clanging\Uskyldsrent\SourceCodePro-ExtraLight.otf
|
OpenType font data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Udlandsrejse153\Aeroscopic\Clanging\Uskyldsrent\cs.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\figuranternes.Han
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsfE5AA.tmp\AdvSplash.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsfE5AA.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\invoice.exe
|
C:\Users\user\Desktop\invoice.exe
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.certum.pl/ctsca2021.crl0o
|
unknown
|
||
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://repository.certum.pl/ctsca2021.cer0
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://subca.ocsp-certum.com05
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://subca.ocsp-certum.com02
|
unknown
|
||
|
http://www.nero.com
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
http://crl.certum.pl/ctnca2.crl0l
|
unknown
|
||
|
http://repository.certum.pl/ctnca2.cer09
|
unknown
|
||
|
http://www.avast.com0/
|
unknown
|
||
|
http://scripts.sil.org/OFLSource
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
There are 9 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Hose11\Carnel146\Poly\Hedonophobia
|
Konsekvensmager
|
||
|
HKEY_CURRENT_USER\Software\InstallDir32
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Lejekasserner
|
Fortrnelsens
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4ED000
|
heap
|
page read and write
|
||
|
58EB000
|
direct allocation
|
page execute and read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
4320000
|
direct allocation
|
page execute and read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
43B000
|
unkown
|
page read and write
|
||
|
22E6000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
441000
|
unkown
|
page readonly
|
||
|
254F000
|
stack
|
page read and write
|
||
|
4A3000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
4E2000
|
heap
|
page read and write
|
||
|
2420000
|
heap
|
page read and write
|
||
|
B652079000
|
stack
|
page read and write
|
||
|
B6521FC000
|
stack
|
page read and write
|
||
|
29E2ABE5000
|
heap
|
page read and write
|
||
|
6CEB000
|
direct allocation
|
page execute and read and write
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
29E2B900000
|
heap
|
page readonly
|
||
|
30000
|
heap
|
page read and write
|
||
|
23EF000
|
stack
|
page read and write
|
||
|
2F1D000
|
stack
|
page read and write
|
||
|
29E2ABA0000
|
trusted library allocation
|
page read and write
|
||
|
4EC000
|
heap
|
page read and write
|
||
|
43F000
|
unkown
|
page read and write
|
||
|
29E2A9A0000
|
heap
|
page read and write
|
||
|
477000
|
heap
|
page read and write
|
||
|
4FF000
|
heap
|
page read and write
|
||
|
29E2ABE9000
|
heap
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
29E2ABF0000
|
trusted library allocation
|
page read and write
|
||
|
435000
|
unkown
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
B6520FE000
|
stack
|
page read and write
|
||
|
4C2000
|
heap
|
page read and write
|
||
|
222E000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
29E2AB40000
|
trusted library allocation
|
page read and write
|
||
|
431000
|
unkown
|
page read and write
|
||
|
62EB000
|
direct allocation
|
page execute and read and write
|
||
|
29E2AB30000
|
trusted library allocation
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
4B5000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
25D4000
|
heap
|
page read and write
|
||
|
29E2AA10000
|
heap
|
page read and write
|
||
|
49F000
|
heap
|
page read and write
|
||
|
29E2AA4D000
|
heap
|
page read and write
|
||
|
29E2B970000
|
trusted library allocation
|
page read and write
|
||
|
4F4000
|
heap
|
page read and write
|
||
|
4F1000
|
heap
|
page read and write
|
||
|
470000
|
heap
|
page read and write
|
||
|
B651FF9000
|
stack
|
page read and write
|
||
|
2440000
|
heap
|
page read and write
|
||
|
5B0000
|
heap
|
page read and write
|
||
|
29E2ABE0000
|
heap
|
page read and write
|
||
|
29E2B8F0000
|
trusted library allocation
|
page read and write
|
||
|
4BB000
|
heap
|
page read and write
|
||
|
22BE000
|
stack
|
page read and write
|
||
|
76EB000
|
direct allocation
|
page execute and read and write
|
||
|
4FA000
|
heap
|
page read and write
|
||
|
4B8000
|
heap
|
page read and write
|
||
|
29E2A870000
|
trusted library allocation
|
page read and write
|
||
|
29E2AA4D000
|
heap
|
page read and write
|
||
|
B652179000
|
stack
|
page read and write
|
||
|
29E2AA45000
|
heap
|
page read and write
|
||
|
42C000
|
unkown
|
page read and write
|
||
|
8AEB000
|
direct allocation
|
page execute and read and write
|
||
|
29E2B920000
|
trusted library allocation
|
page read and write
|
||
|
29E2AA6F000
|
heap
|
page read and write
|
||
|
44EB000
|
direct allocation
|
page execute and read and write
|
||
|
29E2AA00000
|
heap
|
page read and write
|
||
|
80EB000
|
direct allocation
|
page execute and read and write
|
||
|
53E000
|
heap
|
page read and write
|
||
|
29E2A9C0000
|
heap
|
page read and write
|
||
|
29E2AA4D000
|
heap
|
page read and write
|
||
|
10005000
|
unkown
|
page readonly
|
||
|
29E2A860000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
301B000
|
stack
|
page read and write
|
||
|
4C3000
|
heap
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
29E2B6E0000
|
trusted library allocation
|
page read and write
|
||
|
504000
|
heap
|
page read and write
|
||
|
25D0000
|
heap
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
620000
|
heap
|
page read and write
|
||
|
29E2B910000
|
trusted library allocation
|
page read and write
|
||
|
441000
|
unkown
|
page readonly
|
||
|
4EEB000
|
direct allocation
|
page execute and read and write
|
||
|
29E2AA08000
|
heap
|
page read and write
|
||
|
2410000
|
heap
|
page read and write
|
||
|
B651E7B000
|
stack
|
page read and write
|
There are 88 hidden memdumps, click here to show them.