Advanced File Analysis System

File Name: 2

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 0dddca0add163af6238f2b68bc25a88ada1f35d5

MD5: cc52ba8f6f250704f6ed9139a242382f

Networking

Attempts to connect to a dead IP:Port (11 unique times) Show sources

network_host_ip	104.31.74.124:80 (unknown)
network_host_ip	104.31.75.124:80 (unknown)
network_host_ip	54.175.70.194:80 (United States)
network_host_ip	119.28.153.89:80 (China)
network_host_ip	74.82.59.181:443 (United States)
network_host_ip	104.16.152.172:80 (unknown)
network_host_ip	188.226.138.244:443 (Netherlands)
network_host_ip	216.105.38.13:80 (United States)
network_host_ip	184.26.44.97:80 (United States)
network_host_ip	184.26.44.105:80 (United States)
network_host_ip	184.26.44.103:80 (United States)

Performs some HTTP requests Show sources

network_url	http://downloads.sourceforge.net/project/npppluginmgr/xml/plugins.md5.txt
network_url	http://api.blockcypher.com/v1/btc/main/addrs/17gd1msp5FnMcEMF1MitTNSsYs7w7AQyCt?_=1524383141575
network_url	http://btc.blockr.io/api/v1/address/txs/17gd1msp5FnMcEMF1MitTNSsYs7w7AQyCt?_=1524384986825
network_url	http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D
network_url	http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8D4g
network_url	http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgSMnuKt8tKyyjnODwjC1ZYVOw%3D%3D
network_url	http://ocsp2.globalsign.com/gsdomainvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTR8bV2%2Be7AwQ96%2FHwxJKnDYl18YQQU6k581IAt5RWBhiaMgm3AmKTPlw8CDAIeKarC7MJ2RYOA9A%3D%3D
network_url	http://downloads.sourceforge.net/project/npppluginmgr/xml/plugins.zip
network_url	http://p27dokhpz2n7nvgr.1j9r76.top/56BE-BE2A-3B89-0446-990F?iframe&_=1524386779887
network_url	http://crl.globalsign.net/primobject.crl

Network activity contains more than one unique useragent. Show sources

Process	mshta.exe
User-Agent	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Process	notepad++.exe
User-Agent	Notepad++/Plugin-Manager;v1.3.5.0

Lowering of HIPS/ PFW/ Operating System Security Settings

Attempts to block SafeBoot use by removing registry keys Show sources

registry_delete

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Safeboot\Option

Cryptography

At least one IP Address, Domain, or File Name was found in a crypto call Show sources

ioc	0.2.8
ioc	1.1.7.3
ioc	http://sourceforge.net/projects/nppactivexplugin/
ioc	1.0.4.2
ioc	6.6.8
ioc	http://sourceforge.net/projects/nppactivexplugin/files/bin/ActiveX_Unicode_1_1_7_3.zip/download
ioc	http://sourceforge.net/projects/nppactivexplugin/files/bin/ActiveX_ANSI_1_1_7_3.zip/download
ioc	1.9.24
ioc	https://nppscrips.codeplex.com/
ioc	v1.0.0.0
ioc	6.4.5
ioc	http://www.csscript.net/npp/NppScripts.1.0.0.0.zip
ioc	cripts.dll
ioc	readme.txt
ioc	1.4.0
ioc	http://sites.google.com/site/fstellari/nppplugins
ioc	http://downloads.sourceforge.net/project/npp-plugins/AutoSave/AutoSave_dll_1v40.zip
ioc	1.0.0.0
ioc	1.19
ioc	1.11
ioc	1.12
ioc	1.15
ioc	1.17
ioc	1.18
ioc	http://freeweb.siol.net/rmihor/NppCCompletionPlugin.zip
ioc	lugin.dll
ioc	ctags.exe
ioc	1.2.1
ioc	http://downloads.sourceforge.net/project/npp-plugins/ClipboardHelper/ClipboardHelper-v1.0.zip
ioc	elper.dll
ioc	http://codealignment.com
ioc	https://github.com/cpmcgrath/codealignment/releases/download/v12/CodeAlignmentNpp_12_0.zip
ioc	pp.dll
ioc	ommon.dll
ioc	orms.dll
ioc	0.8.1
ioc	ort-1.0.0.2.zip
ioc	http://william.famille-blum.org/software/nppcolumnsort/NppColumnSort-1.0.0.2.zip
ioc	ort.dll
ioc	http://www.scout-soft.com/combine
ioc	http://www.scout-soft.com/combine/combine.zip
ioc	combine.dll
ioc	1.5.6
ioc	http://sourceforge.net/projects/npp-plugins/files/ComparePlugin/Compare_1_5_5_src.zip/download
ioc	1.5.4
ioc	1.5.3
ioc	1.5.2
ioc	1.5.1
ioc	http://download.tuxfamily.org/nppplugins/Converter/NppConverter.v3.0.zip
ioc	onverter.dll
ioc	xt...
ioc	1.1.0.0
ioc	http://notepad-plus.sourceforge.net/commun/pluginsBin/ConvertExt_v11RC1.zip
ioc	xt.dll
ioc	xt.ini
ioc	xt.enc
ioc	xt.lng
ioc	1.0.46.0
ioc	http://www.csscript.net/npp/
ioc	https://csscriptnpp.codeplex.com/
ioc	v1.0.46.0
ioc	3.10
ioc	3.11
ioc	6.0.
ioc	http://downloads.sourceforge.net/project/npp-customize/Customize
ioc	oolbar.dll
ioc	0.0.11.20
ioc	http://sourceforge.net/project/downloading.php
ioc	forge.net/project/npp-plugins/DocMonitor/DocMonitor
ioc	onitor.v2.2.dll.zip
ioc	onitor.unicode.dll
ioc	http://downloads.sourceforge.net/project/npp-plugins/DocMonitor/DocMonitor
ioc	onitor.ansi.dll
ioc	http://sourceforge.net/projects/npp-plugins/files/ColorPicker/Color
ioc	20v.2.3/ColorPicker_230_dll.zip/download
ioc	icker.dll
ioc	0.2.5
ioc	https://github.com/dail8859/doxyit
ioc	https://github.com/dail8859/DoxyIt/releases/download/v0.2.5/DoxyIt.zip
ioc	t.dll
ioc	https://github.com/editorconfig/editorconfig-notepad-plus-plus
ioc	http://downloads.sourceforge.net/project/editorconfig/EditorConfig-Notepad
ioc	0.1.3/Unicode/NppEditorConfig.zip
ioc	onfig.dll
ioc	0.1.3/Ansi/NppEditorConfig.zip
ioc	http://www.eibericht.nl
ioc	http://eibericht.nl/eibericht16.zip
ioc	eibericht.dll
ioc	i-bericht.ini
ioc	1.0.2
ioc	http://emmet.io
ioc	https://github.com/emmetio/npp
ioc	http://download.emmet.io/npp/emmet-np
ioc	0.1.1
ioc	http://github.com/ppv/NPPFSIPlugin/tree/master/Source/Plugin
ioc	0.1.0.0
ioc	0.1.1.0
ioc	http://github.com/downloads/ppv/NPPFSIPlugin/NPPFSIPlugin.zip
ioc	http://downloads.sourceforge.net/project/npp-plugins/FallingBricks/FallingBricks
ioc	dll.zip
ioc	ricks.dll
ioc	change.log
ioc	license.txt
ioc	1.0.3.0
ioc	http://www.brotherstone.co.uk/npp/FTP_Synchronise/FTP_synchronize_amend.zip
ioc	synchronize.dll
ioc	http://downloads.sourceforge.net/project/npp-plugins/FTP_synchronize/FTP_synchronize
ioc	20v0.9.6.1/FTP_synchronize_0_9_6_1_dll.zip
ioc	1.2.0.0
ioc	2.0.0.0
ioc	http://sourceforge.net/projects/npp-plugins/files/
ioc	http://downloads.sourceforge.net/sourceforge/npp-plugins/FunctionList_2_0_UNI_dll.zip
ioc	ules.xml
ioc	ist.dll
ioc	http://downloads.sourceforge.net/sourceforge/npp-plugins/FunctionList_1_2_dll.zip
ioc	0.2.0.37
ioc	http://www.genapps.net
ioc	http://sourceforge.net/projects/gedcomlexer/
ioc	http://sourceforge.net/projects/gedcomlexer/files/GedcomLexer-0.2
ioc	ua.xml
ioc	ua.dll
ioc	http://golang.org/doc/install
ioc	https://github.com/nsf/gocode
ioc	https://github.com/tike/GOnpp
ioc	28.03.2014
ioc	v1.2.0.0
ioc	n19.02.2014
ioc	v1.1.0.0
ioc	n24.01.2014
ioc	http://sourceforge.net/projects/gonpp/files/GOnpp_1.2_UNI.zip/download
ioc	npp.dll
ioc	1.0.0
ioc	ugs.com
ioc	https://grepbugs.com/plugins
ioc	https://github.com/foospidy/GrepBugsPluginNotepadPlusPlus
ioc	.index.php
ioc	http://f0dder.dcmembers.com/nppplugs/npp_plugins.zip
ioc	guidguard.dll
ioc	0.9.5.0
ioc	https://sourceforge.net/projects/npp-plugins/files/
ioc	v0.9.3
ioc	http://downloads.sourceforge.net/project/npp-plugins/Hex
ioc	20v0.9.5/HexEditor_0_9_5_UNI_dll.zip
ioc	ditor.dll
ioc	20v0.9.
ioc	nicode.zip
ioc	mage.dll
ioc	lus.dll
ioc	ag.dll
ioc	0.7.1
ioc	https://code.google.com/p/indentbyfold/
ioc	https://indentbyfold.googlecode.com/files/IndentByFold-071.zip
ioc	old.dll
ioc	e.pdf
ioc	http://www.jslint.com/lint.html
ioc	https://sourceforge.net/projects/jslintnpp/
ioc	www.jshint.com
ioc	http://www.sunjw.us/jstoolnpp
ioc	https://github.com/sunjw/jstoolnpp
ioc	http://sourceforge.net/projects/jsminnpp/files/Uni/JSToolNPP.1.16.10.uni.zip/download
ioc	http://sourceforge.net/projects/jsminnpp/files/Asc/JSToolNPP.1.16.10.asc.zip/download
ioc	1.6.1
ioc	https://sites.google.com/site/fstellari/nppplugins/LanguageHelp_dll_1v61.zip
ioc	elp.dll
ioc	https://sourceforge.net/projects/lexamples
ioc	http://sourceforge.net/projects/lexamples/files/v1.0.0/lexamples_1_0_0.zip/download
ioc	lexamples.dll
ioc	lexamples.xml
ioc	1.6.0.0
ioc	https://sourceforge.net/projects/locationnav/
ioc	https://sourceforge.net/projects/locationnav/files/
ioc	0.4.3
ioc	0.4.5.1
ioc	0.4.7.1
ioc	0.4.7.2
ioc	0.4.7.3
ioc	0.4.7.4
ioc	0.4.7.5
ioc	0.4.7.6
ioc	0.4.7.7
ioc	http://sourceforge.net/projects/locationnav/files/LocationNavigate_v0.4.7.7.zip/download
ioc	avigate.dll
ioc	release.zip
ioc	stats.cfg
ioc	0.0.3.0
ioc	0.0.5.5
ioc	http://www.semelinanno.com/downloads/anmxnpp/anmXNpp_Page.html
ioc	http://semelinanno.com/downloads/mathpad/ver0050/MathPad_v0050.zip
ioc	http://semelinanno.com/downloads/mathpad/ver0055/MathPad_v0055.zip
ioc	mathpad.dll
ioc	http://www.semelinanno.com/downloads/anmxnpp/ver0030/anmXNpp_v0030.zip
ioc	1.1.0
ioc	http://downloads.sourceforge.net/project/npp-plugins/MultiClipboard/MultiClipboard
ioc	lipboard.dll
ioc	http://downloads.sourceforge.net/sourceforge/npp-plugins/MultiClipboard_1_4_1_dll.zip
ioc	eadme.txt
ioc	1.0.0.3
ioc	https://sourceforge.net/projects/nppmusicplayer
ioc	https://github.com/gallettube/MusicPlayer
ioc	v1.0.0.3
ioc	v1.0.0.2
ioc	v1.0.0.1
ioc	http://downloads.sourceforge.net/project/nppmusicplayer/MusicPlayer.zip
ioc	layer.dll
ioc	ceforge.net/projects/locationnav/files/
ioc	0.1.0
ioc	0.1.2
ioc	0.1.3
ioc	http://sourceforge.net/projects/locationnav/files/NewFileBrowser_v0.1.3.zip/download
ioc	rowser.dll
ioc	http://sourceforge.net/projects/locationnav/files/NewFileBrowserA_v0.1.3.zip/download
ioc	1.5.0
ioc	https://github.com/lygstate/NotepadStarter/archive/2.0.0.0.zip
ioc	https://github.com/lygstate/NotepadStarter/releases/download/2.0.0.0/NotepadStarter-2.0.0.0.zip
ioc	tarter.exe
ioc	nstall.bat
ioc	eplacer.bat
ioc	ninstall.bat
ioc	readme.md
ioc	request-admin.bat
ioc	http://downloads.sourceforge.net/sourceforge/npp-plugins/NppAutoIndent_1_2_dll.zip
ioc	ndent.dll
ioc	http://www.cerberus-design.de/nppcrypt/nppcryptv1010.zip
ioc	rypt.dll
ioc	readme.v1010.txt
ioc	http://downloads.sourceforge.net/sourceforge/npp-plugins/NppDocShare_0_1_src.zip
ioc	0.5.3
ioc	http://downloads.sourceforge.net/project/npp-plugins/
ioc	saved.txt
ioc	http://sourceforge.net/projects/npp-plugins/files/NppExec/NppExec
ioc	20v0.5.3/NppExec_053_dll_Unicode.zip/download
ioc	xec.dll
ioc	1.0.2a
ioc	0.6.5
ioc	http://downloads.sourceforge.net/project/nppftp/NppFTP_0.26.3.zip
ioc	libssh.txt
ioc	http://downloads.sourceforge.net/project/nppftp/NppFTP_0.26.zip
ioc	0.26
ioc	3.1.0
ioc	1.2.2/NppJumpList.1.2.2.bin.zip
ioc	0.7.5
ioc	http://sourceforge.net/projects/nppmenusearch/
ioc	http://www2.brotherstone.co.uk/npp/NppMenuSearch075.zip
ioc	earch.dll
ioc	http://downloads.sourceforge.net/sourceforge/npp-plugins/NppDocShare_0_1_dll.zip
ioc	hare.dll
ioc	http://sourceforge.net/projects/notepad-plus/forums/forum/482781/topic/5333716
ioc	http://dl.dropbox.com/u/163495/NppPlates.zip
ioc	lates.dll
ioc	1.3.4
ioc	orge.net/project/npp-plugins/Oberon2Lexer/Oberon2Lexer
ioc	exer.v0.3.zip
ioc	0.3.1
ioc	http://downloads.sourceforge.net/project/npp-plugins/Oberon2Lexer/Oberon2Lexer
ioc	200.3.1/Oberon2Lexer.v0.3.1.zip
ioc	exer.dll
ioc	exer.xml
ioc	2.3.2
ioc	orge.net
ioc	http://downloads.sourceforge.net/project/npp-plugins/Obide/Obide
ioc	202.3.2/Obide.v.2.3.2.zip
ioc	bide.ini
ioc	election.dll
ioc	2.0.0.1
ioc	http://www.brotherstone.co.uk/npp/perforce/NppPerforcePlugin_Source.zip
ioc	http://www.brotherstone.co.uk/npp/perforce/NppPerforcePlugin_Unicode.zip
ioc	http://www.brotherstone.co.uk/npp/perforce/NppPerforcePlugin_Ansi.zip
ioc	nsi.dll
ioc	1.4.1
ioc	https://github.com/StanDog/npp-phpautocompletion
ioc	n08.03.2014
ioc	v1.2.3
ioc	n28.02.2014
ioc	v1.2.2
ioc	n27.02.2014
ioc	v1.2.1
ioc	n26.02.2014
ioc	i.a.
ioc	n05.12.2013
ioc	n01.04.2013
ioc	v1.0.1
ioc	https://github.com/Stan
ioc	http://www.brotherstone.co.uk/npp/changemarker/NppPlugin_ChangeMarker_Unicode_bin.zip
ioc	argin.dll
ioc	argin.xml
ioc	http://www.brotherstone.co.uk/npp/changemarker/NppPlugin_ChangeMarker_Ansi_bin.zip
ioc	0.3.0.0
ioc	http://fstellari.googlepages.com/PluginUpdate_dll_0v30.zip
ioc	http://www.architectshack.com/PoorMansTSqlFormatter.ashx
ioc	https://github.com/TaoK/PoorMansTSqlFormatter
ioc	http://www.architects
ioc	http://download.tuxfamily.org/nppplugins/Pork2Sausage/Pork2Sausage.bin.1.0.zip
ioc	ausage.ini
ioc	e.txt
ioc	ausage.dll
ioc	http://poshcode.org/notepad
ioc	exer.1.0.src.zip
ioc	exer.1.0.unicode.zip
ioc	exers.dll
ioc	elp.txt
ioc	exers.xml
ioc	exer.1.0.ansi.zip
ioc	1.2.1.0
ioc	http://fossil.2of4.net/npp_preview/
ioc	http://fossil.2of4.net/npp_preview/zip/Preview_plugin_src.zip
ioc	https://github.com/mpcabd/PyNPP/releases/download/v1.2/PyNPP.dll.zip
ioc	http://code.google.com/p/kereds-notepad-plus-plus-plugins
ioc	http://kereds-notepad-plus-plus-plugins.googlecode.com/files/Python
ioc	ndent.zip
ioc	1.0.6
ioc	notepad.open
ioc	filename.txt
ioc	editor.appendText
ioc	http://npppythonscript.sourceforge.net
ioc	http://github.com/davegb3/PythonScript
ioc	editor.pymlreplace
ioc	editor.getCharacterPointer
ioc	notepad.getPluginVersion
ioc	http://downloads.sourceforge.net/project/npppythonscript/Python
ioc	file.php
ioc	http://sourceforge.net/projects/quickopenplugin/
ioc	http://downloads.sourceforge.net/project/quickopenplugin/QuickOpenPlugin
ioc	1.2.zip
ioc	0.0.2.1
ioc	0.0.2.2
ioc	http://sourceforge.net/tracker/
ioc	ext.conf.ini
ioc	ext.default.ini
ioc	ext.ini
ioc	ext.conf.default.ini
ioc	http://downloads.sourceforge.net/project/quicktext/QuickText/QuickText
ioc	200.2.1/QuickText.v0.2.1.zip
ioc	ext.v0.2.1
ioc	http://poiru.github.com/rainlexer
ioc	http://nppregexhelper.sourceforge.net/
ioc	https://github.com/larryb82/npp-regexhelper
ioc	https://sites.google.com/site/fstellari/nppplugins/RunMe_dll_1v36.zip
ioc	e.dll
ioc	https://sourceforge.net/projects/nppsaveasadmin/
ioc	https://sourceforge.net/p/nppsaveasadmin/code/
ioc	http://downloads.sourceforge.net/project/nppsaveasadmin/NppSaveAsAdmin_1.0.0.3.zip
ioc	dmin.dll
ioc	201.12/SearchInFiles_1_12_dll.zip
ioc	iles.dll
ioc	http://www.dreaminpixels.net/wp-content/plugins/download-monitor/download.php
ioc	ad.dll
ioc	http://downloads.sourceforge.net/project/npp-plugins/SecurePad/SecurePad
ioc	ad.v1.0.bin.zip
ioc	http://download.tuxfamily.org/nppplugins/SelectNLaunch/SelectNLaunch.bin.v1.0.zip
ioc	aunch.dll
ioc	1.4.2
ioc	http://mfoster.com/npp/SessionMgr.html
ioc	http://mfoster.com/npp/download.html
ioc	https://sourceforge.net/p/notepad-plus/discussion/482781/thread/dea823d0/
ioc	v1.4.2
ioc	http://downloads.sourceforge.net/project/npp-plugins/SimpleScript/SimpleScript
ioc	20v1.13/SimpleScript_1_13_dll.zip
ioc	cript.ini
ioc	cript.dll
ioc	http://www.snip2code.com/Static/Downloads
ioc	https://github.com/cghersi/snip2codeNET
ioc	http://www.snip2code.com/Downloads/S2CNotepadppPlugin.zip
ioc	ode.dll
ioc	log4net.dll
ioc	son.dll
ioc	vc.dll
ioc	http://downloads.sourceforge.net/project/snippetplus/SnippetPlus_V1.4_Release.zip
ioc	lus.xml
ioc	e.html
ioc	hangelog.txt
ioc	moke.css
ioc	rown.css
ioc	1.2.0
ioc	http://www.fesevur.com/nppsnippets
ioc	http://code.google.com/p/nppsnippets/
ioc	3.7.15.1
ioc	solutionhub.dll
ioc	2.178
ioc	http://www.incrediblejunior.com/npp_plugins/
ioc	http://www.incrediblejunior.com/npp_plugins/downloads/r1/solutionhub_ui.zip
ioc	ui.dll
ioc	0.7.3
ioc	http://sourceforge.net/projects/sourcecookifier/
ioc	n0.7.2
ioc	n0.7.1
ioc	http://downloads.sourceforge.net/project/sourcecookifier/0.7.3/SourceCookifier.v0.7.3.bin.zip
ioc	ookifier.dll
ioc	olicy.bat
ioc	ookifier.languages.model.xml
ioc	file1.php
ioc	0.2.0.1
ioc	0.2.1.0
ioc	http://sourceforge.net/projects/npp-plugins/files/SpeechPlugin/SpeechPlugin_0_2_1_src.zip/download
ioc	http://downloads.sourceforge.net/sourceforge/npp-plugins/SpeechPlugin_0_2_1_dll.zip
ioc	http://downloads.sourceforge.net/sourceforge/npp-plugins/SpeechPlugin_0_2_dll.zip
ioc	1.3.1.0
ioc	1.3.3.0
ioc	http://aspell.net/win32.
ioc	http://downloads.sourceforge.net/sourceforge/npp-plugins/SpellChecker_1_3_3_UNI_dll.zip
ioc	hecker.dll
ioc	http://downloads.sourceforge.net/sourceforge/npp-plugins/SpellChecker_1_3_1_dll.zip
ioc	http://www.scout-soft.com/sql/
ioc	http://www.scout-soft.com/
ioc	http://f0dder.dcmembers.com/nppplugs.index.php
ioc	switcher.dll
ioc	http://kereds-notepad-plus-plus-plugins.googlecode.com/files/TabIndentSpaceAlign.zip
ioc	lign.dll
ioc	1.0.3
ioc	7.0.2
ioc	http://downloads.sourceforge.net/project/tagsview/TagsView
ioc	03beta.zip
ioc	ctags.opt
ioc	iew.txt
ioc	iew.dll
ioc	1.1.1
ioc	http://textfx.no-ip.com/textfx/
ioc	http://downloads.sourceforge.net/project/npp-plugins/TextFX/TextFX
ioc	20v0.26/TextFX.v0.26.unicode.bin.zip
ioc	20v0.25/NPPTextFX.v0.25.bin.zip
ioc	http://sourceforge.net/projects/npptfs
ioc	http://downloads.sourceforge.net/project/npptfs/NppTFS.zip
ioc	http://code.google.com/p/npp-tidy2/
ioc	https://github.com/davegb3/NppTidy2
ioc	http://npp-tidy2.googlecode.com/files/Tidy2_0.2.zip
ioc	idy2.dll
ioc	http://tortoisesvn.tigris.org/
ioc	2.186
ioc	2.195
ioc	http://www.incrediblejunior.com/npp_plugins/downloads/tsvn_r195.zip
ioc	svn.dll
ioc	help.txt
ioc	tsvn.config
ioc	3.1.1.0
ioc	https://sourceforge.net/projects/npptranslate/
ioc	https://sourceforge.net/p/npptranslate/code/HEAD/tree/nppTranslateCS/
ioc	http://sourceforge.net/projects/npptranslate/files/bin/Translate_3.1.1.0.zip/download
ioc	ranslate.dll
ioc	1.0.2_NotepadPPplugin
ioc	http://downloads.sourceforge.net/project/universalindent/uigui/UniversalIndentGUI_1.0.2/UniversalIndentGUI_1.0.2_NotepadPPplugin.zip
ioc	ore4.dll
ioc	ui4.dll
ioc	cript4.dll
ioc	1.0.2_N
ioc	https://sourceforge.net/projects/nppverilog/
ioc	https://sourceforge.net/p/nppverilog/code/ci/master/tree/
ioc	v1.2.0
ioc	http://sourceforge.net/projects/nppverilog/files/nppVerilog
ioc	20v1.2.1/nppVerilog_v1.2.1.zip/download
ioc	erilog.dll
ioc	onfig.txt
ioc	https://sourceforge.net/projects/nppvhdl/
ioc	https://sourceforge.net/p/nppvhdl/code/ci/master/tree/
ioc	http://sourceforge.net/projects/nppvhdl/files/NppVHDL
ioc	20v1.0.0/nppVHDL_v1.0.0.zip/download
ioc	0.4.0.109
ioc	0.3.6.868
ioc	0.3.6.838
ioc	http://www.visimulator.com/public/p/pm/visimulator_0.4.0.1093.zip
ioc	0.4.0.1093.dll
ioc	visimulator.dll
ioc	2.0.3
ioc	https://wakatime.com/
ioc	https://github.com/wakatime/notepadpp-wakatime
ioc	n1.1.0
ioc	n1.0.0
ioc	https://github.com/wakatime/notepadpp-wakatime/releases/download/2.0.3/notepadpp-wakatime-2.0.3.zip
ioc	http://downloads.sourceforge.net/project/npp-plugins/WebEdit/WebEdit
ioc	dit.v2.1.zip
ioc	dit.ini
ioc	dit.dll
ioc	1.1.2.0
ioc	1.2.2.0
ioc	http://sourceforge.net/projects/npp-plugins/files/WindowManager/WindowManager_1_2_2_src.zip/download
ioc	http://downloads.sourceforge.net/sourceforge/npp-plugins/WindowManager_1_2_2_UNI_dll.zip
ioc	anager.dll
ioc	http://downloads.sourceforge.net/sourceforge/npp-plugins/WindowManager_1_1_2_dll.zip
ioc	4.1.0.16
ioc	http://sourceforge.net/projects/npp-plugins/files/XML
ioc	202.4.4
ioc	nicode.zip/download
ioc	2.0.0.513
ioc	2.1.0
ioc	2.1.1.548
ioc	2.2.0.560
ioc	2.3.0.583
ioc	2.3.1.639
ioc	2.3.1.670
ioc	2.3.1.671
ioc	2.3.1.685
ioc	2.3.1.697
ioc	2.3.1.764
ioc	2.3.1.805
ioc	2.3.2.908
ioc	2.4.1
ioc	2.4.2
ioc	2.4.3
ioc	2.4.4
ioc	2.4.5
ioc	2.4.6
ioc	2.4.7
ioc	2.4.8
ioc	2.9.2
ioc	1.1.28
ioc	1.2.20
ioc	1.2.6
ioc	1.14
ioc	1.0.1j
ioc	202.4.8
ioc	libiconv-2.dll
ioc	libwinpthread-1.dll
ioc	libxml2-2.dll
ioc	libxslt-1.dll
ioc	zlib1.dll
ioc	ools.dll
ioc	libcurl.dll
ioc	2.10
ioc	https://code.google.com/p/xpatherizernpp/
ioc	http://xpatherizernpp.googlecode.com/files/XPatherizerNPP-2.10-Source.rar
ioc	ython.dll
ioc	1.1.3
ioc	https://github.com/StanDog/npp-zoomdisabler
ioc	21.06.2015
ioc	v1.1.3
ioc	n19.02.2015
ioc	v1.1.2
ioc	n30.03.2014
ioc	v1.1.1
ioc	n29.03.2014
ioc	n28.03.2014
ioc	https://github.com/StanDog/npp-zoomdisabler/raw/master/RELEASES/zoomdisabler_1.1.3.zip
ioc	zoomdisabler.dll
ioc	disabler.ini
ioc	mscoree.dll
ioc	kernel32.dll
ioc	32.dll
ioc	onverter.pdb
ioc	4.01//EN
ioc	http://www.w3.org/TR/1999/REC-html401-19991224/strict.dtd
ioc	u.j8h
ioc	1.2.8
ioc	http://www.winimage.com/zLibDll
ioc	anager.pdb
ioc	3.3g3t3

Stealing of Sensitive Information

Collects information to fingerprint the system Show sources

registry_read

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Attempts to access Bitcoin/ALTCoin wallets Show sources

file_query	C:\program files (x86)\bitcoin\*
file_query	C:\programdata\bitcoin\*
file_query	C:\Windows\System32\config\systemprofile\AppData\Roaming\bitcoin\*
file_query	C:\Windows\serviceprofiles\localservice\AppData\Roaming\bitcoin\*
file_query	C:\Windows\serviceprofiles\networkservice\AppData\Roaming\bitcoin\*
file_query	C:\Users\user\AppData\Roaming\bitcoin\*
file_query	C:\Windows\System32\config\systemprofile\AppData\Local\bitcoin\*
file_query	C:\Windows\serviceprofiles\localservice\AppData\Local\bitcoin\*
file_query	C:\Windows\serviceprofiles\networkservice\AppData\Local\bitcoin\*
file_query	C:\Users\user\AppData\Local\bitcoin\*

Steals private information from local Internet browsers Show sources

file_read

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@downloads.sourceforge[1].txt

Attempts to modify proxy settings

Harvests information related to installed mail clients Show sources

file	C:\Users\user\AppData\Local\microsoft\Outlook\Outlook.pst

Spam, Unwanted Advertisements and Ransom Demands

Attempts to modify desktop wallpaper

Exhibits behavior characteristic of Cerber ransomware

Writes a potential ransom message to disk Show sources

file_write

_R_E_A_D___T_H_I_S___SIZ9T2UH_.txt

Hooking and other Techniques for Hiding Protection

Creates RWX memory Show sources

injection_rwx_memory

0x00000040, NtAllocateVirtualMemory or VirtualProtectEx

Persistence and Installation Behavior

Deletes its original binary from disk Show sources

file_delete

c:\users\user\appdata\local\temp\0dddca0add163af6238f2b68bc25a88ada1f35d5.exe

Malware Analysis System Evasion

A process attempted to delay the analysis task. Show sources

api_process_name	notepad++.exe tried to sleep 300 seconds, actually delayed analysis time by 0 seconds
api_process_name	mshta.exe tried to sleep 360 seconds, actually delayed analysis time by 0 seconds
api_process_name	WmiPrvSE.exe tried to sleep 300 seconds, actually delayed analysis time by 0 seconds

Loading...