Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
o6OaOfrAQs.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Kontos.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsf929A.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Dykereeve\Jackbsningen\Telescopiform\Bestridende\AEGISIIIRadeonHelper.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Dykereeve\Jackbsningen\Telescopiform\Bestridende\Profetiske.Byg
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Dykereeve\Jackbsningen\Telescopiform\Bestridende\Sankekort.Sch209
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Hjtideligholdelser\Liechtensteiner\Systemopstninger\pan-start-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Hjtideligholdelser\Liechtensteiner\Systemopstninger\printer-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Idolatrous\Kaes\pt-br.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Ravingly\Magnetoplasmadynamics\godsvognen\avatar-default-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Tilrettelggelsernes\Gyrite\be.txt
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Tilrettelggelsernes\Gyrite\changes-allow-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Tilrettelggelsernes\Gyrite\dotnet.api
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Tilrettelggelsernes\Gyrite\ebook-reader.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Tilrettelggelsernes\Gyrite\emblem-photos-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Tilrettelggelsernes\Gyrite\font-select-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Tilrettelggelsernes\Gyrite\network-wired-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\fumigatorium\Tertser\Omstrukturdnr\Unrivalled\Nonexhaustively\Snaffle\Stealthful\LogoCanary.png
|
PNG image data, 600 x 600, 8-bit/color RGBA, non-interlaced
|
dropped
|
There are 8 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\o6OaOfrAQs.exe
|
C:\Users\user\Desktop\o6OaOfrAQs.exe
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\Shabbyish\Retablerings
|
Aphetism
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
341C000
|
direct allocation
|
page execute and read and write
|
|
|
|
43F000
|
unkown
|
page readonly
|
||
|
123EFAE0000
|
trusted library allocation
|
page read and write
|
||
|
123EFA60000
|
heap
|
page readonly
|
||
|
43F000
|
unkown
|
page readonly
|
||
|
123EF810000
|
heap
|
page read and write
|
||
|
27BE000
|
heap
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
43A000
|
unkown
|
page readonly
|
||
|
97000
|
stack
|
page read and write
|
||
|
436000
|
unkown
|
page readonly
|
||
|
32C0000
|
trusted library allocation
|
page read and write
|
||
|
27B3000
|
heap
|
page read and write
|
||
|
27AF000
|
stack
|
page read and write
|
||
|
123EF93F000
|
heap
|
page read and write
|
||
|
123EF937000
|
heap
|
page read and write
|
||
|
123F07E0000
|
trusted library allocation
|
page read and write
|
||
|
123EF8F0000
|
heap
|
page read and write
|
||
|
123EF830000
|
heap
|
page read and write
|
||
|
123EF8B0000
|
trusted library allocation
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
6C6000
|
heap
|
page read and write
|
||
|
123EF93E000
|
heap
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
21CFF7D000
|
stack
|
page read and write
|
||
|
697000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
27B8000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
3ED0000
|
trusted library allocation
|
page read and write
|
||
|
429000
|
unkown
|
page read and write
|
||
|
2310000
|
heap
|
page read and write
|
||
|
436000
|
unkown
|
page readonly
|
||
|
400000
|
unkown
|
page readonly
|
||
|
32C0000
|
trusted library allocation
|
page read and write
|
||
|
3ED0000
|
trusted library allocation
|
page read and write
|
||
|
43A000
|
unkown
|
page readonly
|
||
|
27BA000
|
heap
|
page read and write
|
||
|
2364000
|
heap
|
page read and write
|
||
|
27B4000
|
heap
|
page read and write
|
||
|
123EFAD9000
|
heap
|
page read and write
|
||
|
22FF000
|
stack
|
page read and write
|
||
|
32C0000
|
trusted library allocation
|
page read and write
|
||
|
123EFAD0000
|
heap
|
page read and write
|
||
|
123EFA80000
|
trusted library allocation
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page write copy
|
||
|
123EF8E0000
|
trusted library allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
216E000
|
stack
|
page read and write
|
||
|
123EF6E0000
|
trusted library allocation
|
page read and write
|
||
|
424000
|
unkown
|
page read and write
|
||
|
74373000
|
unkown
|
page readonly
|
||
|
21CFDF9000
|
stack
|
page read and write
|
||
|
32C0000
|
trusted library allocation
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
3E1C000
|
direct allocation
|
page execute and read and write
|
||
|
21CFE7E000
|
stack
|
page read and write
|
||
|
27B6000
|
heap
|
page read and write
|
||
|
32CF000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
32C0000
|
trusted library allocation
|
page read and write
|
||
|
32C0000
|
trusted library allocation
|
page read and write
|
||
|
21CFEFA000
|
stack
|
page read and write
|
||
|
123EF900000
|
heap
|
page read and write
|
||
|
74370000
|
unkown
|
page readonly
|
||
|
123EF8A0000
|
trusted library allocation
|
page read and write
|
||
|
74375000
|
unkown
|
page readonly
|
||
|
123EFAD5000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
123EF93E000
|
heap
|
page read and write
|
||
|
32C0000
|
direct allocation
|
page execute and read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
421000
|
unkown
|
page read and write
|
||
|
27BE000
|
heap
|
page read and write
|
||
|
123F05D0000
|
trusted library allocation
|
page read and write
|
||
|
123EF8C0000
|
trusted library allocation
|
page read and write
|
||
|
21F6000
|
heap
|
page read and write
|
||
|
433000
|
unkown
|
page read and write
|
||
|
27B1000
|
heap
|
page read and write
|
||
|
123EFA70000
|
trusted library allocation
|
page read and write
|
||
|
3ED0000
|
trusted library allocation
|
page read and write
|
||
|
27B3000
|
heap
|
page read and write
|
||
|
123EF8F8000
|
heap
|
page read and write
|
||
|
74371000
|
unkown
|
page execute read
|
||
|
21CFD79000
|
stack
|
page read and write
|
||
|
123EF6D0000
|
heap
|
page read and write
|
||
|
21F0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
65E000
|
stack
|
page read and write
|
||
|
21CF9EC000
|
stack
|
page read and write
|
||
|
27B0000
|
heap
|
page read and write
|
||
|
4F0000
|
heap
|
page read and write
|
There are 86 hidden memdumps, click here to show them.