Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
DHLIN00178.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Pointberegningernes241\Chaiselongs\Whatchamacallits76\querciflorae\System.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Maattet\Dystonia.Fis116
|
ASCII text, with very long lines (53810), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Maattet\Skrddersjlenes.Nou
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Maattet\SolutionExplorerCLI.dll
|
PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Maattet\System.Security.Cryptography.X509Certificates.dll
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Mandslinien\Characterizable\Senilitetstegnet\percentile.dll
|
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Pointberegningernes241\Chaiselongs\Whatchamacallits76\querciflorae\libdatrie-1.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Stingily\Nebularise\stormagasiners\libpkcs11-helper-1.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ghetto\Stingily\Nebularise\stormagasiners\maintenanceservice2.exe
|
PE32+ executable (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsb19E8.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\DHLIN00178.exe
|
C:\Users\user\Desktop\DHLIN00178.exe
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://nsis.sf.net/NSIS_Error
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
https://aka.ms/dotnet-warnings/
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://www.symauth.com/cps0(
|
unknown
|
||
|
http://www.symauth.com/rpa00
|
unknown
|
||
|
https://mozilla.org0
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://www.nero.com
|
unknown
|
||
|
https://github.com/dotnet/runtime
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\anarkisterne\Thanages
|
Festival
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
9D81000
|
direct allocation
|
page execute and read and write
|
|
|
|
421000
|
unkown
|
page read and write
|
||
|
4D81000
|
direct allocation
|
page execute and read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
63C000
|
heap
|
page read and write
|
||
|
68F000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
2855000
|
heap
|
page read and write
|
||
|
2300000
|
heap
|
page read and write
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
6A9000
|
heap
|
page read and write
|
||
|
6181000
|
direct allocation
|
page execute and read and write
|
||
|
2857000
|
heap
|
page read and write
|
||
|
661000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
65B000
|
heap
|
page read and write
|
||
|
65B000
|
heap
|
page read and write
|
||
|
68A000
|
heap
|
page read and write
|
||
|
285D000
|
heap
|
page read and write
|
||
|
68D000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
65B000
|
heap
|
page read and write
|
||
|
63C000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4C10000
|
direct allocation
|
page execute and read and write
|
||
|
2850000
|
heap
|
page read and write
|
||
|
63C000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
617000
|
heap
|
page read and write
|
||
|
22F0000
|
heap
|
page read and write
|
||
|
226E000
|
stack
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
65B000
|
heap
|
page read and write
|
||
|
63C000
|
heap
|
page read and write
|
||
|
6AE000
|
heap
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
4C5000
|
heap
|
page read and write
|
||
|
68E000
|
heap
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
2760000
|
heap
|
page read and write
|
||
|
436000
|
unkown
|
page readonly
|
||
|
63C000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
429000
|
unkown
|
page read and write
|
||
|
2020000
|
heap
|
page read and write
|
||
|
2855000
|
heap
|
page read and write
|
||
|
63C000
|
heap
|
page read and write
|
||
|
65B000
|
heap
|
page read and write
|
||
|
8981000
|
direct allocation
|
page execute and read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
65B000
|
heap
|
page read and write
|
||
|
22F4000
|
heap
|
page read and write
|
||
|
433000
|
unkown
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
72DD3000
|
unkown
|
page readonly
|
||
|
651000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
7F81000
|
direct allocation
|
page execute and read and write
|
||
|
2026000
|
heap
|
page read and write
|
||
|
7581000
|
direct allocation
|
page execute and read and write
|
||
|
63C000
|
heap
|
page read and write
|
||
|
5781000
|
direct allocation
|
page execute and read and write
|
||
|
2750000
|
heap
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
1FB0000
|
heap
|
page read and write
|
||
|
65B000
|
heap
|
page read and write
|
||
|
63C000
|
heap
|
page read and write
|
||
|
274F000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
64D000
|
heap
|
page read and write
|
||
|
6A9000
|
heap
|
page read and write
|
||
|
9381000
|
direct allocation
|
page execute and read and write
|
||
|
6A9000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
2853000
|
heap
|
page read and write
|
||
|
285D000
|
heap
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2852000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
65B000
|
heap
|
page read and write
|
||
|
222F000
|
stack
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
65B000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
64D000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
A781000
|
direct allocation
|
page execute and read and write
|
||
|
63C000
|
heap
|
page read and write
|
||
|
469000
|
unkown
|
page readonly
|
||
|
383D000
|
stack
|
page read and write
|
||
|
65B000
|
heap
|
page read and write
|
||
|
285A000
|
heap
|
page read and write
|
||
|
409000
|
unkown
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
431000
|
unkown
|
page read and write
|
||
|
469000
|
unkown
|
page readonly
|
||
|
64D000
|
heap
|
page read and write
|
||
|
6B81000
|
direct allocation
|
page execute and read and write
|
||
|
72DD5000
|
unkown
|
page readonly
|
||
|
393B000
|
stack
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
65B000
|
heap
|
page read and write
|
||
|
200E000
|
stack
|
page read and write
|
||
|
664000
|
heap
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
4C0000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
63C000
|
heap
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
72DD1000
|
unkown
|
page execute read
|
||
|
72DD0000
|
unkown
|
page readonly
|
||
|
19A000
|
stack
|
page read and write
|
||
|
2853000
|
heap
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
651000
|
heap
|
page read and write
|
||
|
6A9000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page readonly
|
||
|
409000
|
unkown
|
page write copy
|
||
|
6A9000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
436000
|
unkown
|
page readonly
|
||
|
648000
|
heap
|
page read and write
|
||
|
648000
|
heap
|
page read and write
|
||
|
425000
|
unkown
|
page read and write
|
||
|
64D000
|
heap
|
page read and write
|
||
|
3770000
|
heap
|
page read and write
|
||
|
2857000
|
heap
|
page read and write
|
There are 130 hidden memdumps, click here to show them.