Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.PWSX-gen.27467.16755.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.27467.16755.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27467.16755.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.27467.16755.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.ipify.org/
|
104.26.12.205
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://www.ctvnews.ca/rss/business/ctv-news-business-headlines-1.867648
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://www.ctvnews.ca/rss/ctvnews-ca-top-stories-public-rss-1.822009
|
unknown
|
||
|
http://xml.weather.yahoo.com/ns/rss/1.0
|
unknown
|
||
|
https://api.ipify.org/t
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://mail.nationalkham.com
|
unknown
|
||
|
http://weather.yahooapis.com/forecastrss?w=4118
|
unknown
|
||
|
http://ip-api.com/line/?fields=hosting
|
208.95.112.1
|
||
|
http://ip-api.com
|
unknown
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.nationalkham.com
|
192.185.35.67
|
|
|
|
api.ipify.org
|
104.26.12.205
|
||
|
ip-api.com
|
208.95.112.1
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.185.35.67
|
mail.nationalkham.com
|
United States
|
|
|
|
208.95.112.1
|
ip-api.com
|
United States
|
||
|
104.26.12.205
|
api.ipify.org
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
There are 5 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
31FD000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
31D5000
|
trusted library allocation
|
page read and write
|
|
|
|
3205000
|
trusted library allocation
|
page read and write
|
|
|
|
45BE000
|
trusted library allocation
|
page read and write
|
|
|
|
123E000
|
stack
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
6D80000
|
trusted library allocation
|
page execute and read and write
|
||
|
5060000
|
trusted library allocation
|
page read and write
|
||
|
676D000
|
stack
|
page read and write
|
||
|
A320000
|
trusted library section
|
page read and write
|
||
|
13B0000
|
heap
|
page read and write
|
||
|
1270000
|
heap
|
page read and write
|
||
|
4C1C000
|
stack
|
page read and write
|
||
|
2EC0000
|
trusted library allocation
|
page read and write
|
||
|
55E1000
|
trusted library allocation
|
page read and write
|
||
|
2CE5000
|
trusted library allocation
|
page read and write
|
||
|
31AF000
|
trusted library allocation
|
page read and write
|
||
|
6D30000
|
trusted library allocation
|
page read and write
|
||
|
66E0000
|
heap
|
page read and write
|
||
|
FA0000
|
trusted library allocation
|
page read and write
|
||
|
2B2E000
|
stack
|
page read and write
|
||
|
F94000
|
trusted library allocation
|
page read and write
|
||
|
52C0000
|
heap
|
page read and write
|
||
|
FA9000
|
stack
|
page read and write
|
||
|
31A5000
|
trusted library allocation
|
page read and write
|
||
|
6B2D000
|
stack
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
2FA0000
|
trusted library allocation
|
page read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
2EDA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1438000
|
heap
|
page read and write
|
||
|
5086000
|
trusted library allocation
|
page read and write
|
||
|
D4EE000
|
stack
|
page read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
5140000
|
trusted library allocation
|
page read and write
|
||
|
6630000
|
heap
|
page read and write
|
||
|
50B0000
|
trusted library allocation
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
6D53000
|
trusted library allocation
|
page read and write
|
||
|
2BE1000
|
trusted library allocation
|
page read and write
|
||
|
4437000
|
trusted library allocation
|
page read and write
|
||
|
7100000
|
trusted library section
|
page read and write
|
||
|
D3A0000
|
trusted library allocation
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page read and write
|
||
|
594C000
|
stack
|
page read and write
|
||
|
2ED2000
|
trusted library allocation
|
page read and write
|
||
|
125E000
|
stack
|
page read and write
|
||
|
E5E000
|
heap
|
page read and write
|
||
|
FE0000
|
trusted library allocation
|
page read and write
|
||
|
13EA000
|
heap
|
page read and write
|
||
|
57AC000
|
stack
|
page read and write
|
||
|
4199000
|
trusted library allocation
|
page read and write
|
||
|
5830000
|
heap
|
page read and write
|
||
|
4D1C000
|
stack
|
page read and write
|
||
|
979000
|
stack
|
page read and write
|
||
|
7C1F000
|
stack
|
page read and write
|
||
|
E50000
|
heap
|
page read and write
|
||
|
15BE000
|
stack
|
page read and write
|
||
|
2ECD000
|
trusted library allocation
|
page execute and read and write
|
||
|
52B0000
|
trusted library section
|
page readonly
|
||
|
514D000
|
trusted library allocation
|
page read and write
|
||
|
6F20000
|
trusted library allocation
|
page execute and read and write
|
||
|
6EA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
55BE000
|
stack
|
page read and write
|
||
|
FC2000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
D3A4000
|
trusted library allocation
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
57B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EB0000
|
trusted library allocation
|
page read and write
|
||
|
55DA000
|
trusted library allocation
|
page read and write
|
||
|
31F9000
|
trusted library allocation
|
page read and write
|
||
|
6D70000
|
trusted library allocation
|
page read and write
|
||
|
4171000
|
trusted library allocation
|
page read and write
|
||
|
7130000
|
trusted library section
|
page read and write
|
||
|
6AEF000
|
stack
|
page read and write
|
||
|
51F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EEB000
|
trusted library allocation
|
page execute and read and write
|
||
|
55D0000
|
heap
|
page read and write
|
||
|
6D40000
|
trusted library allocation
|
page read and write
|
||
|
15FE000
|
stack
|
page read and write
|
||
|
69EE000
|
stack
|
page read and write
|
||
|
7150000
|
trusted library allocation
|
page read and write
|
||
|
508D000
|
trusted library allocation
|
page read and write
|
||
|
2FB0000
|
heap
|
page execute and read and write
|
||
|
7F360000
|
trusted library allocation
|
page execute and read and write
|
||
|
68AE000
|
stack
|
page read and write
|
||
|
8EA000
|
unkown
|
page readonly
|
||
|
31C1000
|
trusted library allocation
|
page read and write
|
||
|
1000000
|
heap
|
page execute and read and write
|
||
|
E4E000
|
stack
|
page read and write
|
||
|
6D90000
|
trusted library allocation
|
page read and write
|
||
|
1280000
|
heap
|
page read and write
|
||
|
52AC000
|
stack
|
page read and write
|
||
|
55D2000
|
trusted library allocation
|
page read and write
|
||
|
2B38000
|
trusted library allocation
|
page read and write
|
||
|
2EB3000
|
trusted library allocation
|
page execute and read and write
|
||
|
5600000
|
trusted library allocation
|
page read and write
|
||
|
3217000
|
trusted library allocation
|
page read and write
|
||
|
830000
|
unkown
|
page readonly
|
||
|
5604000
|
trusted library allocation
|
page read and write
|
||
|
50A0000
|
trusted library allocation
|
page read and write
|
||
|
6D47000
|
trusted library allocation
|
page read and write
|
||
|
6B6E000
|
stack
|
page read and write
|
||
|
7000000
|
heap
|
page read and write
|
||
|
2E46000
|
trusted library allocation
|
page read and write
|
||
|
5320000
|
heap
|
page read and write
|
||
|
729E000
|
stack
|
page read and write
|
||
|
55CB000
|
trusted library allocation
|
page read and write
|
||
|
5670000
|
heap
|
page read and write
|
||
|
5220000
|
trusted library allocation
|
page read and write
|
||
|
69AE000
|
stack
|
page read and write
|
||
|
832000
|
unkown
|
page readonly
|
||
|
3BE9000
|
trusted library allocation
|
page read and write
|
||
|
2EBD000
|
trusted library allocation
|
page execute and read and write
|
||
|
F80000
|
trusted library allocation
|
page read and write
|
||
|
13F6000
|
heap
|
page read and write
|
||
|
1275000
|
heap
|
page read and write
|
||
|
57FE000
|
stack
|
page read and write
|
||
|
31BD000
|
trusted library allocation
|
page read and write
|
||
|
16C0000
|
heap
|
page read and write
|
||
|
5250000
|
heap
|
page read and write
|
||
|
5310000
|
trusted library allocation
|
page read and write
|
||
|
2F00000
|
trusted library allocation
|
page read and write
|
||
|
72A0000
|
trusted library allocation
|
page read and write
|
||
|
6CAE000
|
stack
|
page read and write
|
||
|
2F4E000
|
stack
|
page read and write
|
||
|
6F6E000
|
stack
|
page read and write
|
||
|
2EE7000
|
trusted library allocation
|
page execute and read and write
|
||
|
5090000
|
trusted library allocation
|
page read and write
|
||
|
13C8000
|
heap
|
page read and write
|
||
|
113E000
|
stack
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
55C0000
|
trusted library allocation
|
page read and write
|
||
|
5130000
|
heap
|
page execute and read and write
|
||
|
507E000
|
trusted library allocation
|
page read and write
|
||
|
5663000
|
heap
|
page read and write
|
||
|
2ED6000
|
trusted library allocation
|
page execute and read and write
|
||
|
74C2000
|
trusted library allocation
|
page read and write
|
||
|
E0E000
|
stack
|
page read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
44D3000
|
trusted library allocation
|
page read and write
|
||
|
FAD000
|
trusted library allocation
|
page execute and read and write
|
||
|
52E5000
|
heap
|
page read and write
|
||
|
3060000
|
heap
|
page read and write
|
||
|
127E000
|
stack
|
page read and write
|
||
|
55E6000
|
trusted library allocation
|
page read and write
|
||
|
5064000
|
trusted library allocation
|
page read and write
|
||
|
5120000
|
heap
|
page read and write
|
||
|
2EE0000
|
trusted library allocation
|
page read and write
|
||
|
FF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EA0000
|
trusted library allocation
|
page read and write
|
||
|
1260000
|
heap
|
page read and write
|
||
|
5149000
|
trusted library allocation
|
page read and write
|
||
|
E5B000
|
heap
|
page read and write
|
||
|
316E000
|
stack
|
page read and write
|
||
|
2EB4000
|
trusted library allocation
|
page read and write
|
||
|
6EFE000
|
stack
|
page read and write
|
||
|
5253000
|
heap
|
page read and write
|
||
|
5840000
|
heap
|
page execute and read and write
|
||
|
55C0000
|
heap
|
page read and write
|
||
|
144E000
|
heap
|
page read and write
|
||
|
5081000
|
trusted library allocation
|
page read and write
|
||
|
3171000
|
trusted library allocation
|
page read and write
|
||
|
6D60000
|
trusted library allocation
|
page read and write
|
||
|
4485000
|
trusted library allocation
|
page read and write
|
||
|
55C6000
|
trusted library allocation
|
page read and write
|
||
|
72CE000
|
stack
|
page read and write
|
||
|
1020000
|
trusted library allocation
|
page read and write
|
||
|
FCB000
|
trusted library allocation
|
page execute and read and write
|
||
|
2FC8000
|
trusted library allocation
|
page read and write
|
||
|
6FFE000
|
stack
|
page read and write
|
||
|
2F90000
|
trusted library allocation
|
page execute and read and write
|
||
|
320B000
|
trusted library allocation
|
page read and write
|
||
|
FBA000
|
trusted library allocation
|
page execute and read and write
|
||
|
6DCE000
|
heap
|
page read and write
|
||
|
2F8C000
|
stack
|
page read and write
|
||
|
E84000
|
heap
|
page read and write
|
||
|
2E4F000
|
trusted library allocation
|
page read and write
|
||
|
1010000
|
trusted library allocation
|
page read and write
|
||
|
55B0000
|
trusted library allocation
|
page read and write
|
||
|
F9D000
|
trusted library allocation
|
page execute and read and write
|
||
|
F90000
|
trusted library allocation
|
page read and write
|
||
|
163E000
|
stack
|
page read and write
|
||
|
5660000
|
heap
|
page read and write
|
||
|
13F3000
|
heap
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
2BD0000
|
heap
|
page read and write
|
||
|
5240000
|
trusted library allocation
|
page execute and read and write
|
||
|
55DE000
|
trusted library allocation
|
page read and write
|
||
|
FA3000
|
trusted library allocation
|
page read and write
|
||
|
526E000
|
stack
|
page read and write
|
||
|
D3EE000
|
stack
|
page read and write
|
||
|
3BE1000
|
trusted library allocation
|
page read and write
|
||
|
FC7000
|
trusted library allocation
|
page execute and read and write
|
||
|
719E000
|
stack
|
page read and write
|
||
|
F1D000
|
heap
|
page read and write
|
||
|
6DC0000
|
heap
|
page read and write
|
||
|
50E0000
|
trusted library allocation
|
page read and write
|
||
|
72B0000
|
trusted library allocation
|
page read and write
|
||
|
6D50000
|
trusted library allocation
|
page read and write
|
||
|
686E000
|
stack
|
page read and write
|
||
|
5A4E000
|
stack
|
page read and write
|
||
|
50B5000
|
trusted library allocation
|
page read and write
|
||
|
FB6000
|
trusted library allocation
|
page execute and read and write
|
||
|
6D6A000
|
trusted library allocation
|
page read and write
|
||
|
1484000
|
heap
|
page read and write
|
||
|
41DA000
|
trusted library allocation
|
page read and write
|
||
|
7120000
|
trusted library section
|
page read and write
|
||
|
7140000
|
trusted library allocation
|
page execute and read and write
|
||
|
CF7000
|
stack
|
page read and write
|
||
|
31F7000
|
trusted library allocation
|
page read and write
|
||
|
43E000
|
remote allocation
|
page execute and read and write
|
||
|
6642000
|
heap
|
page read and write
|
||
|
5092000
|
trusted library allocation
|
page read and write
|
||
|
F93000
|
trusted library allocation
|
page execute and read and write
|
||
|
6BAE000
|
stack
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
7B1E000
|
stack
|
page read and write
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
31FB000
|
trusted library allocation
|
page read and write
|
||
|
2EE2000
|
trusted library allocation
|
page read and write
|
||
|
799E000
|
stack
|
page read and write
|
||
|
138E000
|
stack
|
page read and write
|
||
|
5142000
|
trusted library allocation
|
page read and write
|
||
|
71C0000
|
heap
|
page read and write
|
||
|
7ADF000
|
stack
|
page read and write
|
||
|
FB2000
|
trusted library allocation
|
page read and write
|
||
|
55CE000
|
trusted library allocation
|
page read and write
|
||
|
6EB0000
|
trusted library allocation
|
page read and write
|
||
|
79DE000
|
stack
|
page read and write
|
||
|
5610000
|
trusted library allocation
|
page read and write
|
||
|
55ED000
|
trusted library allocation
|
page read and write
|
||
|
E91000
|
heap
|
page read and write
|
||
|
16E7000
|
heap
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
2EE5000
|
trusted library allocation
|
page execute and read and write
|
||
|
FB0000
|
trusted library allocation
|
page read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
EAA000
|
stack
|
page read and write
|
||
|
1287000
|
heap
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
6DC0000
|
heap
|
page read and write
|
There are 235 hidden memdumps, click here to show them.