Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.Evo-gen.18602.10500.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\xz[1]
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\xz[2]
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\xz[1]
|
PE32+ executable (native) x86-64, for MS Windows
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\xz[2]
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\xz[1]
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\1340820F.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\1341015D.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\7ECA49D7.sys
|
PE32+ executable (native) x86-64, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\53IVYM2Y\xz[3]
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\xz[2]
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\1340B061.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\1341026E.bin
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\7ECA4A94.bin
|
data
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18602.10500.dll,InsterDriver
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18602.10500.dll",#1
|
|
|
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18602.10500.dll",InsterDriver
|
|
|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18602.10500.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.18602.10500.dll",#1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://134.175.236.132:17598/xz?mz=PmlHousProMax.sys
|
134.175.236.132
|
|
|
|
http://134.175.236.132:17598/xz?mz=PmlHousPro.sys
|
134.175.236.132
|
|
|
|
http://134.175.236.132:17598/xz?mz=Pml.bin
|
134.175.236.132
|
|
|
|
http://134.175.236.132:17598/xz?mz=Pml.binA
|
unknown
|
||
|
http://repository.certum.pl/ctnca.cer09
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousProMax.sys8)
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousProMax.sysk
|
unknown
|
||
|
http://134.1
|
unknown
|
||
|
http://crl.certum.pl/ctnca.crl0k
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousPro.sysP
|
unknown
|
||
|
http://134.175.236.132:1p8
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousPro.sysD
|
unknown
|
||
|
http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousPro.sysH
|
unknown
|
||
|
https://www.certum.pl/CPS0
|
unknown
|
||
|
http://134.175.236.132:1
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousProMax.sys;
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousPro.sys~
|
unknown
|
||
|
http://repository.certum.pl/ccsca2021.cer0
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousPro.sysB
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=Pml.binLocal
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=Pml.binhttp://134.175.236.132:17598/xz?mz=PmlHousPro.sys
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=Pml.binit
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousProMax.sys0ad
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousPro.sysn
|
unknown
|
||
|
http://subca.ocsp-certum.com02
|
unknown
|
||
|
http://134.175.236.132/
|
unknown
|
||
|
http://subca.ocsp-certum.com01
|
unknown
|
||
|
http://134.175.236.132:1HvP
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousPro.syss
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousProMax.sysHa
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousPro.sys$
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousProMax.sysX
|
unknown
|
||
|
http://crl.certum.pl/ctnca2.crl0l
|
unknown
|
||
|
http://repository.certum.pl/ctnca2.cer09
|
unknown
|
||
|
http://ccsca2021.ocsp-certum.com05
|
unknown
|
||
|
http://134.175.236.132:17598/xz?mz=PmlHousProMax.sysDvT
|
unknown
|
||
|
http://www.certum.pl/CPS0
|
unknown
|
There are 28 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
fp2e7a.wpc.phicdn.net
|
192.229.211.108
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
134.175.236.132
|
unknown
|
China
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1341001C
|
Type
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1341001C
|
ErrorControl
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1341001C
|
Start
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1341001C
|
ImagePath
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1341001C
|
KernelPath
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1341001C
|
Type
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1341001C
|
ErrorControl
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1341001C
|
Start
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1341001C
|
ImagePath
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1341001C
|
KernelPath
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1340810C
|
Type
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1340810C
|
ErrorControl
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1340810C
|
Start
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1340810C
|
ImagePath
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1340810C
|
KernelPath
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1340810C
|
Type
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1340810C
|
ErrorControl
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1340810C
|
Start
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1340810C
|
ImagePath
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1340810C
|
KernelPath
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\7ECA342B
|
Type
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\7ECA342B
|
ErrorControl
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\7ECA342B
|
Start
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\7ECA342B
|
ImagePath
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\7ECA342B
|
KernelPath
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\7ECA342B
|
Type
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\7ECA342B
|
ErrorControl
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\7ECA342B
|
Start
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\7ECA342B
|
ImagePath
|
||
|
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\7ECA342B
|
KernelPath
|
There are 20 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
939000
|
heap
|
page read and write
|
||
|
6E095000
|
unkown
|
page execute read
|
||
|
146E000
|
stack
|
page read and write
|
||
|
48CB000
|
stack
|
page read and write
|
||
|
742000
|
heap
|
page read and write
|
||
|
47BB000
|
stack
|
page read and write
|
||
|
97C000
|
heap
|
page read and write
|
||
|
973000
|
heap
|
page read and write
|
||
|
737000
|
heap
|
page read and write
|
||
|
6100000
|
heap
|
page read and write
|
||
|
999000
|
heap
|
page read and write
|
||
|
45EE000
|
stack
|
page read and write
|
||
|
710000
|
heap
|
page read and write
|
||
|
6190000
|
heap
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
8E0000
|
heap
|
page read and write
|
||
|
967000
|
heap
|
page read and write
|
||
|
4220000
|
heap
|
page read and write
|
||
|
3CC000
|
stack
|
page read and write
|
||
|
765000
|
heap
|
page read and write
|
||
|
724000
|
heap
|
page read and write
|
||
|
65A000
|
heap
|
page read and write
|
||
|
48A000
|
stack
|
page read and write
|
||
|
47EE000
|
stack
|
page read and write
|
||
|
45AB000
|
stack
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
40BE000
|
stack
|
page read and write
|
||
|
102E000
|
stack
|
page read and write
|
||
|
6E0A1000
|
unkown
|
page readonly
|
||
|
46AF000
|
stack
|
page read and write
|
||
|
95E000
|
heap
|
page read and write
|
||
|
469F000
|
stack
|
page read and write
|
||
|
136D000
|
stack
|
page read and write
|
||
|
6E091000
|
unkown
|
page execute read
|
||
|
471F000
|
stack
|
page read and write
|
||
|
106B000
|
heap
|
page read and write
|
||
|
699000
|
heap
|
page read and write
|
||
|
960000
|
heap
|
page read and write
|
||
|
44EE000
|
stack
|
page read and write
|
||
|
734000
|
heap
|
page read and write
|
||
|
6B2000
|
heap
|
page read and write
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
72E000
|
heap
|
page read and write
|
||
|
94D000
|
heap
|
page read and write
|
||
|
97A000
|
heap
|
page read and write
|
||
|
2C90000
|
heap
|
page read and write
|
||
|
4224000
|
heap
|
page read and write
|
||
|
C1F000
|
stack
|
page read and write
|
||
|
5F90000
|
heap
|
page read and write
|
||
|
456E000
|
stack
|
page read and write
|
||
|
41EE000
|
stack
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
6E091000
|
unkown
|
page execute read
|
||
|
6E095000
|
unkown
|
page execute read
|
||
|
73A000
|
heap
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
C3D000
|
stack
|
page read and write
|
||
|
106F000
|
heap
|
page read and write
|
||
|
73B000
|
heap
|
page read and write
|
||
|
964000
|
heap
|
page read and write
|
||
|
E5C000
|
stack
|
page read and write
|
||
|
716000
|
heap
|
page read and write
|
||
|
6FD000
|
heap
|
page read and write
|
||
|
6E093000
|
unkown
|
page readonly
|
||
|
6EF000
|
heap
|
page read and write
|
||
|
6E093000
|
unkown
|
page readonly
|
||
|
B50000
|
heap
|
page read and write
|
||
|
17A000
|
stack
|
page read and write
|
||
|
479E000
|
stack
|
page read and write
|
||
|
494F000
|
stack
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
B94000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
5BE000
|
stack
|
page read and write
|
||
|
95F000
|
stack
|
page read and write
|
||
|
738000
|
heap
|
page read and write
|
||
|
389000
|
stack
|
page read and write
|
||
|
96B000
|
heap
|
page read and write
|
||
|
488E000
|
stack
|
page read and write
|
||
|
6E0A1000
|
unkown
|
page readonly
|
||
|
6060000
|
trusted library allocation
|
page read and write
|
||
|
6D2000
|
heap
|
page read and write
|
||
|
6E093000
|
unkown
|
page readonly
|
||
|
420000
|
heap
|
page read and write
|
||
|
5E70000
|
heap
|
page read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
6020000
|
heap
|
page read and write
|
||
|
973000
|
heap
|
page read and write
|
||
|
46FE000
|
stack
|
page read and write
|
||
|
97C000
|
heap
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
6BA000
|
heap
|
page read and write
|
||
|
5F40000
|
trusted library allocation
|
page read and write
|
||
|
BAE000
|
stack
|
page read and write
|
||
|
BEF000
|
stack
|
page read and write
|
||
|
4CB000
|
stack
|
page read and write
|
||
|
97D000
|
heap
|
page read and write
|
||
|
73A000
|
heap
|
page read and write
|
||
|
6E095000
|
unkown
|
page execute read
|
||
|
4334000
|
heap
|
page read and write
|
||
|
6C1000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
C2D000
|
stack
|
page read and write
|
||
|
132F000
|
stack
|
page read and write
|
||
|
650000
|
heap
|
page read and write
|
||
|
482F000
|
stack
|
page read and write
|
||
|
964000
|
heap
|
page read and write
|
||
|
6E090000
|
unkown
|
page readonly
|
||
|
5F00000
|
heap
|
page read and write
|
||
|
466E000
|
stack
|
page read and write
|
||
|
490000
|
heap
|
page read and write
|
||
|
2D00000
|
heap
|
page read and write
|
||
|
6C9000
|
heap
|
page read and write
|
||
|
97C000
|
heap
|
page read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
473F000
|
stack
|
page read and write
|
||
|
5E5000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
61D0000
|
trusted library allocation
|
page read and write
|
||
|
6AE000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
495000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
452E000
|
stack
|
page read and write
|
||
|
734000
|
heap
|
page read and write
|
||
|
B2E000
|
stack
|
page read and write
|
||
|
730000
|
heap
|
page read and write
|
||
|
6E091000
|
unkown
|
page execute read
|
||
|
462F000
|
stack
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
477D000
|
stack
|
page read and write
|
||
|
62E000
|
stack
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
410E000
|
stack
|
page read and write
|
||
|
75F000
|
heap
|
page read and write
|
||
|
46BD000
|
stack
|
page read and write
|
||
|
630000
|
heap
|
page read and write
|
||
|
900000
|
heap
|
page read and write
|
||
|
4330000
|
heap
|
page read and write
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
430000
|
heap
|
page read and write
|
||
|
976000
|
heap
|
page read and write
|
||
|
490E000
|
stack
|
page read and write
|
||
|
F5C000
|
stack
|
page read and write
|
||
|
4190000
|
heap
|
page read and write
|
||
|
62E000
|
stack
|
page read and write
|
||
|
96D000
|
heap
|
page read and write
|
||
|
BDE000
|
stack
|
page read and write
|
||
|
475E000
|
stack
|
page read and write
|
||
|
90A000
|
heap
|
page read and write
|
||
|
91E000
|
stack
|
page read and write
|
||
|
414E000
|
stack
|
page read and write
|
||
|
1BC000
|
stack
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
73B000
|
heap
|
page read and write
|
||
|
46DD000
|
stack
|
page read and write
|
||
|
6C5000
|
heap
|
page read and write
|
||
|
6E090000
|
unkown
|
page readonly
|
||
|
6E0A1000
|
unkown
|
page readonly
|
||
|
999000
|
heap
|
page read and write
|
||
|
6E090000
|
unkown
|
page readonly
|
There are 154 hidden memdumps, click here to show them.