Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Trojan.Inject.3564.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\CYKELPARKERINGENS.ini
|
ASCII text, with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\GL-1.0.typelib
|
HTML document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\HERMAPHRODEITY.ini
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\Sydens.Pan7
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ThrottlePlugin.dll
|
PE32+ executable (DLL) (GUI) x86-64, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\applications-other.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\folder-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsw99C.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\rt64win7.inf
|
Windows setup INFormation, Little-endian UTF-16 Unicode text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\svulm\MDDINGEN.exe
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\user-not-tracked-symbolic.svg
|
SVG Scalable Vector Graphics image
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\video-joined-displays-symbolic.symbolic.png
|
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\remcos\logs.dat
|
ASCII text, with CRLF, CR line terminators
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.3564.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.3564.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.3564.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Inject.3564.exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.222.57.79/
|
unknown
|
|
|
|
185.222.57.217
|
|
||
|
http://185.222.57.79/SALES/1
|
unknown
|
|
|
|
http://185.222.57.79/SALES/1%20FEB%202-22_jalPPiWqFb130.bin
|
185.222.57.79
|
|
|
|
http://185.222.57.79/SALES/1%20FEB%202-22_jalPPiWqFb130.binY
|
unknown
|
||
|
http://creativecommons.org/ns#DerivativeWorks
|
unknown
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
|
unknown
|
||
|
http://creativecommons.org/licenses/by-sa/4.0/
|
unknown
|
||
|
http://creativecommons.org/ns#Distribution
|
unknown
|
||
|
http://creativecommons.org/ns#Attribution
|
unknown
|
||
|
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
|
unknown
|
||
|
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
|
unknown
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
|
unknown
|
||
|
http://creativecommons.org/ns#ShareAlike
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
|
unknown
|
||
|
http://creativecommons.org/ns#Notice
|
unknown
|
||
|
http://creativecommons.org/ns#Reproduction
|
unknown
|
||
|
http://www.gopher.ftp://ftp.
|
unknown
|
||
|
http://creativecommons.org/ns#
|
unknown
|
There are 10 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.222.57.217
|
unknown
|
Netherlands
|
|
|
|
185.222.57.79
|
unknown
|
Netherlands
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\medtag\Erethitic
|
enregistration
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bastille56\Skrivebordsskuffe50
|
Expand String Value
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\reclothing\Taxifly
|
NDRAAB
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
|
Vattersottig9
|
||
|
HKEY_CURRENT_USER\SOFTWARE\remcos_rurbibqnnhyclpl
|
EXEpath
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1CF0000
|
heap
|
page read and write
|
|
|
|
32C1000
|
direct allocation
|
page execute and read and write
|
|
|
|
1660000
|
remote allocation
|
page execute and read and write
|
|
|
|
401000
|
unkown
|
page execute read
|
||
|
400000
|
unkown
|
page readonly
|
||
|
649000
|
unkown
|
page write copy
|
||
|
452000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
626000
|
unkown
|
page write copy
|
||
|
1E980440000
|
heap
|
page read and write
|
||
|
1D3AE000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
408000
|
unkown
|
page readonly
|
||
|
C0D45FE000
|
stack
|
page read and write
|
||
|
4F10000
|
trusted library allocation
|
page read and write
|
||
|
18CE000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
408000
|
unkown
|
page readonly
|
||
|
5EA000
|
unkown
|
page write copy
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
1E980250000
|
heap
|
page read and write
|
||
|
1E98042A000
|
heap
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
1E980400000
|
heap
|
page read and write
|
||
|
560000
|
heap
|
page read and write
|
||
|
1E980C02000
|
trusted library allocation
|
page read and write
|
||
|
719D0000
|
unkown
|
page readonly
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
6D8000
|
heap
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
4A9000
|
unkown
|
page write copy
|
||
|
4F49000
|
trusted library allocation
|
page read and write
|
||
|
452000
|
unkown
|
page readonly
|
||
|
24BE000
|
stack
|
page read and write
|
||
|
ACF000
|
stack
|
page read and write
|
||
|
1E980370000
|
heap
|
page read and write
|
||
|
719D1000
|
unkown
|
page execute read
|
||
|
3270000
|
trusted library allocation
|
page read and write
|
||
|
1D6BC000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1860000
|
heap
|
page read and write
|
||
|
1E98043C000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
1DA3F000
|
stack
|
page read and write
|
||
|
1E98048F000
|
heap
|
page read and write
|
||
|
719D6000
|
unkown
|
page readonly
|
||
|
5F0000
|
unkown
|
page write copy
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
70D000
|
heap
|
page read and write
|
||
|
1E98046E000
|
heap
|
page read and write
|
||
|
1049000
|
unkown
|
page write copy
|
||
|
DF000
|
stack
|
page read and write
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
565000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
1E980432000
|
heap
|
page read and write
|
||
|
1E9801F0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
1E980465000
|
heap
|
page read and write
|
||
|
C0D427B000
|
stack
|
page read and write
|
||
|
BD5000
|
heap
|
page read and write
|
||
|
1D66F000
|
stack
|
page read and write
|
||
|
1CAB0000
|
heap
|
page read and write
|
||
|
733000
|
heap
|
page read and write
|
||
|
1E980454000
|
heap
|
page read and write
|
||
|
427000
|
unkown
|
page read and write
|
||
|
1A70000
|
trusted library allocation
|
page read and write
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
1E980486000
|
heap
|
page read and write
|
||
|
C0D47FA000
|
stack
|
page read and write
|
||
|
1E980360000
|
unclassified section
|
page readonly
|
||
|
19A000
|
stack
|
page read and write
|
||
|
1E980413000
|
heap
|
page read and write
|
||
|
1D93E000
|
stack
|
page read and write
|
||
|
33B1000
|
trusted library allocation
|
page read and write
|
||
|
1D3B0000
|
trusted library allocation
|
page read and write
|
||
|
1CAB1000
|
heap
|
page read and write
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
1D0000
|
unclassified section
|
page readonly
|
||
|
716000
|
heap
|
page read and write
|
||
|
33C7000
|
trusted library allocation
|
page read and write
|
||
|
1D14E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1868000
|
heap
|
page read and write
|
||
|
1CBB0000
|
heap
|
page read and write
|
||
|
5F2000
|
unkown
|
page write copy
|
||
|
98000
|
stack
|
page read and write
|
||
|
452000
|
unkown
|
page readonly
|
||
|
24C0000
|
heap
|
page read and write
|
||
|
729000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
4FE000
|
stack
|
page read and write
|
||
|
6FE000
|
heap
|
page read and write
|
||
|
3B9C000
|
stack
|
page read and write
|
||
|
9CF000
|
stack
|
page read and write
|
||
|
1D18F000
|
stack
|
page read and write
|
||
|
8CE000
|
stack
|
page read and write
|
||
|
1E98044B000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
712000
|
heap
|
page read and write
|
||
|
1E98047E000
|
heap
|
page read and write
|
||
|
290F000
|
stack
|
page read and write
|
||
|
1E980427000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
733000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1D52D000
|
stack
|
page read and write
|
||
|
435000
|
unkown
|
page read and write
|
||
|
452000
|
unkown
|
page readonly
|
||
|
640000
|
trusted library allocation
|
page read and write
|
||
|
72F000
|
heap
|
page read and write
|
||
|
1E980502000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
18AC000
|
heap
|
page read and write
|
||
|
B9E000
|
stack
|
page read and write
|
||
|
17F4000
|
heap
|
page read and write
|
||
|
452000
|
unkown
|
page readonly
|
||
|
1D42E000
|
stack
|
page read and write
|
||
|
3440000
|
heap
|
page read and write
|
||
|
1CC30000
|
heap
|
page read and write
|
||
|
719D4000
|
unkown
|
page readonly
|
||
|
33A2000
|
trusted library allocation
|
page read and write
|
||
|
295C000
|
trusted library allocation
|
page read and write
|
||
|
1E9803C0000
|
trusted library allocation
|
page read and write
|
||
|
247F000
|
stack
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
C0D46FE000
|
stack
|
page read and write
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
723000
|
heap
|
page read and write
|
||
|
5E8000
|
unkown
|
page write copy
|
||
|
3C9D000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
30000
|
heap
|
page read and write
|
||
|
1D2AC000
|
stack
|
page read and write
|
||
|
17F0000
|
heap
|
page read and write
|
||
|
2944000
|
trusted library allocation
|
page read and write
|
||
|
18DB000
|
heap
|
page read and write
|
||
|
24C4000
|
heap
|
page read and write
|
||
|
1D52F000
|
stack
|
page read and write
|
||
|
1899000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
6BE000
|
stack
|
page read and write
|
||
|
9E000
|
stack
|
page read and write
|
||
|
1E980446000
|
heap
|
page read and write
|
||
|
452000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3AA0000
|
trusted library allocation
|
page read and write
|
||
|
5EE000
|
unkown
|
page write copy
|
||
|
18BF000
|
heap
|
page read and write
|
||
|
5EC000
|
unkown
|
page write copy
|
||
|
3AE0000
|
trusted library allocation
|
page read and write
|
||
|
1D7BF000
|
stack
|
page read and write
|
||
|
1D0000
|
unclassified section
|
page readonly
|
||
|
1CF6000
|
heap
|
page read and write
|
||
|
1D56C000
|
stack
|
page read and write
|
||
|
1660000
|
remote allocation
|
page execute and read and write
|
There are 152 hidden memdumps, click here to show them.