Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
rAEAT-AvisodeNotificaci__n.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Betegner.But
|
data
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Abtegnene\Fabriksnyt\Mdepligts\Sprnghoved\colorimeter-colorhug-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Diuresis\Slockingstone\Rattlebrains\battery-level-90-charging-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Handlingssted\Skovsnegles\Herb\preferences-desktop-font-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Handlingssted\Skovsnegles\Herb\task-due-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Handlingssted\Skovsnegles\Herb\window-close.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Switchboards\Barnls\Minnesanger25.Sug
|
ASCII text, with very long lines (42980), with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Switchboards\Barnls\System.Reflection.Primitives.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Switchboards\Barnls\System.Reflection.TypeExtensions.dll
|
PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\media-playlist-consecutive-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\network-offline-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\network-wireless.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsl6CFC.tmp\AdvSplash.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsl6CFC.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
There are 5 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe
|
C:\Users\user\Desktop\rAEAT-AvisodeNotificaci__n.exe
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://creativecommons.org/ns#DerivativeWorks
|
unknown
|
||
|
http://crl.certum.pl/ctsca2021.crl0o
|
unknown
|
||
|
http://creativecommons.org/licenses/by-sa/4.0/
|
unknown
|
||
|
http://creativecommons.org/ns#Distribution
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
http://repository.certum.pl/ctsca2021.cer0
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://subca.ocsp-certum.com05
|
unknown
|
||
|
http://creativecommons.org/ns#Attribution
|
unknown
|
||
|
http://subca.ocsp-certum.com02
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
http://crl.certum.pl/ctnca2.crl0l
|
unknown
|
||
|
http://repository.certum.pl/ctnca2.cer09
|
unknown
|
||
|
http://creativecommons.org/ns#ShareAlike
|
unknown
|
||
|
https://github.com/dotnet/runtimeBSJB
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://creativecommons.org/ns#Notice
|
unknown
|
||
|
http://creativecommons.org/ns#Reproduction
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
||
|
http://creativecommons.org/ns#
|
unknown
|
||
|
https://github.com/dotnet/runtime
|
unknown
|
There are 11 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\Software\InstallDir32
|
Path
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Micos\Irises\Kandissens\Raceblanding
|
Sulphammonium164
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Hermeneutics\Ophjedes\Amtsraadsmedlemmet
|
Printerproblemernes
|
||
|
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Replyingly\Avnbgen\Spisekamrenes
|
Rumfartscenterets
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\Fetichry
|
Isobase
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
44BC000
|
direct allocation
|
page execute and read and write
|
|
|
|
4390000
|
direct allocation
|
page execute and read and write
|
|
|
|
165A82B0000
|
trusted library allocation
|
page read and write
|
||
|
2590000
|
heap
|
page read and write
|
||
|
165A7448000
|
heap
|
page read and write
|
||
|
56C967B000
|
stack
|
page read and write
|
||
|
165A73E0000
|
trusted library allocation
|
page read and write
|
||
|
7E9000
|
unkown
|
page readonly
|
||
|
58BC000
|
direct allocation
|
page execute and read and write
|
||
|
7D0000
|
unkown
|
page readonly
|
||
|
7D0000
|
unkown
|
page readonly
|
||
|
2450000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
251E000
|
stack
|
page read and write
|
||
|
165A8290000
|
trusted library allocation
|
page read and write
|
||
|
786000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
165A82A0000
|
heap
|
page readonly
|
||
|
7CE000
|
unkown
|
page read and write
|
||
|
8C8000
|
heap
|
page read and write
|
||
|
165A7450000
|
heap
|
page read and write
|
||
|
165A7450000
|
heap
|
page read and write
|
||
|
4EBC000
|
direct allocation
|
page execute and read and write
|
||
|
782000
|
unkown
|
page read and write
|
||
|
909000
|
heap
|
page read and write
|
||
|
91D000
|
heap
|
page read and write
|
||
|
56C99FC000
|
stack
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
56C97F9000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
165A7408000
|
heap
|
page read and write
|
||
|
165A7450000
|
heap
|
page read and write
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
8FD000
|
heap
|
page read and write
|
||
|
56C9879000
|
stack
|
page read and write
|
||
|
165A82C0000
|
trusted library allocation
|
page read and write
|
||
|
7EF000
|
unkown
|
page readonly
|
||
|
56C98FE000
|
stack
|
page read and write
|
||
|
8F2000
|
heap
|
page read and write
|
||
|
91A000
|
heap
|
page read and write
|
||
|
789000
|
unkown
|
page read and write
|
||
|
165A7360000
|
heap
|
page read and write
|
||
|
7E0000
|
unkown
|
page readonly
|
||
|
880000
|
heap
|
page read and write
|
||
|
30B0000
|
trusted library allocation
|
page read and write
|
||
|
165A7395000
|
heap
|
page read and write
|
||
|
8FF000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
25A6000
|
heap
|
page read and write
|
||
|
922000
|
heap
|
page read and write
|
||
|
77C000
|
unkown
|
page read and write
|
||
|
165A744B000
|
heap
|
page read and write
|
||
|
7B3000
|
unkown
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
165A7500000
|
trusted library allocation
|
page read and write
|
||
|
165A744D000
|
heap
|
page read and write
|
||
|
7A4000
|
unkown
|
page read and write
|
||
|
165A7399000
|
heap
|
page read and write
|
||
|
906000
|
heap
|
page read and write
|
||
|
7E9000
|
unkown
|
page readonly
|
||
|
7A6000
|
unkown
|
page read and write
|
||
|
165A7390000
|
heap
|
page read and write
|
||
|
165A7210000
|
trusted library allocation
|
page read and write
|
||
|
29EF000
|
stack
|
page read and write
|
||
|
895000
|
heap
|
page read and write
|
||
|
165A7400000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
62BC000
|
direct allocation
|
page execute and read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
165A8040000
|
trusted library allocation
|
page read and write
|
||
|
165A7472000
|
heap
|
page read and write
|
||
|
921000
|
heap
|
page read and write
|
||
|
2AEF000
|
stack
|
page read and write
|
||
|
99000
|
stack
|
page read and write
|
||
|
2480000
|
heap
|
page read and write
|
||
|
25A0000
|
heap
|
page read and write
|
||
|
24CE000
|
stack
|
page read and write
|
||
|
165A7410000
|
heap
|
page read and write
|
||
|
2BED000
|
stack
|
page read and write
|
||
|
8FD000
|
heap
|
page read and write
|
||
|
165A7340000
|
heap
|
page read and write
|
||
|
7EF000
|
unkown
|
page readonly
|
||
|
10005000
|
unkown
|
page readonly
|
||
|
165A8050000
|
trusted library allocation
|
page read and write
|
||
|
8FA000
|
heap
|
page read and write
|
||
|
4380000
|
heap
|
page read and write
|
||
|
165A7200000
|
heap
|
page read and write
|
||
|
7AB000
|
unkown
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
2CED000
|
stack
|
page read and write
|
||
|
7E0000
|
unkown
|
page readonly
|
||
|
2484000
|
heap
|
page read and write
|
||
|
165A73F0000
|
trusted library allocation
|
page read and write
|
||
|
165A8310000
|
trusted library allocation
|
page read and write
|
||
|
6CBC000
|
direct allocation
|
page execute and read and write
|
||
|
913000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
408000
|
unkown
|
page readonly
|
||
|
19A000
|
stack
|
page read and write
|
||
|
56C9979000
|
stack
|
page read and write
|
There are 92 hidden memdumps, click here to show them.