Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\nsg51C2.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
modified
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Obeyeo.Bib
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\Urokkeligheden.Ord114
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Stempelpligtig93\Vatersotiges\Knoglemarvsundersgelsen\Armoniac\libgiognutls.dll
|
PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.11060.2891.exe
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
|
unknown
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
|
unknown
|
||
|
http://www.giliro.com/wnioMvShFMvcw54.emz
|
66.147.238.212
|
||
|
http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
|
unknown
|
||
|
http://www.giliro.com/wnioMvShFMvcw54.emz32w
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://www.giliro.com/wnioMvShFMvcw54.emzV
|
unknown
|
||
|
http://www.giliro.com/wnioMvShFMvcw54.emzG
|
unknown
|
||
|
http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
|
unknown
|
||
|
http://www.gopher.ftp://ftp.
|
unknown
|
||
|
https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
giliro.com
|
66.147.238.212
|
||
|
www.giliro.com
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
66.147.238.212
|
giliro.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Spaan\Pushfully
|
Trials101
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1660000
|
remote allocation
|
page execute and read and write
|
|
|
|
3320000
|
direct allocation
|
page execute and read and write
|
|
|
|
1C0000
|
remote allocation
|
page read and write
|
||
|
21EA0880000
|
heap
|
page read and write
|
||
|
22A0000
|
heap
|
page read and write
|
||
|
194A000
|
heap
|
page read and write
|
||
|
1D530000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
670000
|
heap
|
page read and write
|
||
|
1D240000
|
heap
|
page read and write
|
||
|
1D400000
|
trusted library allocation
|
page read and write
|
||
|
17D0000
|
heap
|
page read and write
|
||
|
1049000
|
unkown
|
page write copy
|
||
|
190C000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
22D5000
|
heap
|
page read and write
|
||
|
21EA0A70000
|
heap
|
page read and write
|
||
|
1D889000
|
trusted library allocation
|
page execute and read and write
|
||
|
1D4000
|
heap
|
page read and write
|
||
|
1960000
|
heap
|
page read and write
|
||
|
1B9D4E10000
|
unclassified section
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1B9D5410000
|
trusted library allocation
|
page read and write
|
||
|
46E000
|
unkown
|
page readonly
|
||
|
1B9D4E00000
|
unclassified section
|
page readonly
|
||
|
21EA11A0000
|
trusted library allocation
|
page read and write
|
||
|
30000
|
heap
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
1CD0000
|
heap
|
page read and write
|
||
|
17D4000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page read and write
|
||
|
1D0000
|
heap
|
page read and write
|
||
|
1B9D4D02000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
435000
|
unkown
|
page read and write
|
||
|
6EC000
|
heap
|
page read and write
|
||
|
1B9D4AA0000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
451000
|
unkown
|
page write copy
|
||
|
626000
|
unkown
|
page write copy
|
||
|
3480000
|
heap
|
page read and write
|
||
|
23A4000
|
heap
|
page read and write
|
||
|
1B9D4B00000
|
heap
|
page read and write
|
||
|
46E000
|
unkown
|
page readonly
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
1B9D4C7D000
|
heap
|
page read and write
|
||
|
1957000
|
heap
|
page read and write
|
||
|
1B9D4C3C000
|
heap
|
page read and write
|
||
|
21EA0A60000
|
heap
|
page read and write
|
||
|
1CB0000
|
trusted library allocation
|
page read and write
|
||
|
1B9D4C33000
|
heap
|
page read and write
|
||
|
21EA0A02000
|
heap
|
page read and write
|
||
|
1B9D4C6C000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
F059E7E000
|
stack
|
page read and write
|
||
|
31F0000
|
trusted library allocation
|
page read and write
|
||
|
427000
|
unkown
|
page read and write
|
||
|
194A000
|
heap
|
page read and write
|
||
|
6F1000
|
heap
|
page read and write
|
||
|
C1B07B000
|
stack
|
page read and write
|
||
|
C1B4FE000
|
stack
|
page read and write
|
||
|
5EE000
|
unkown
|
page write copy
|
||
|
96F000
|
stack
|
page read and write
|
||
|
C1B5FA000
|
stack
|
page read and write
|
||
|
6B9000
|
heap
|
page read and write
|
||
|
C1B3FF000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1D5B7000
|
trusted library allocation
|
page read and write
|
||
|
1D6E0000
|
trusted library allocation
|
page read and write
|
||
|
1D4000
|
heap
|
page read and write
|
||
|
86F000
|
stack
|
page read and write
|
||
|
231E000
|
stack
|
page read and write
|
||
|
1D16F000
|
stack
|
page read and write
|
||
|
10020000
|
trusted library allocation
|
page read and write
|
||
|
A6E000
|
stack
|
page read and write
|
||
|
21EA0A67000
|
heap
|
page read and write
|
||
|
21EA0A00000
|
heap
|
page read and write
|
||
|
1B9D4C26000
|
heap
|
page read and write
|
||
|
17D4000
|
heap
|
page read and write
|
||
|
21EA0A3E000
|
heap
|
page read and write
|
||
|
9E000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
18E8000
|
heap
|
page read and write
|
||
|
1AA0000
|
trusted library allocation
|
page read and write
|
||
|
F0598FB000
|
stack
|
page read and write
|
||
|
1D4000
|
heap
|
page read and write
|
||
|
1942000
|
heap
|
page read and write
|
||
|
192A000
|
heap
|
page read and write
|
||
|
F059CFF000
|
stack
|
page read and write
|
||
|
46C000
|
unkown
|
page read and write
|
||
|
1957000
|
heap
|
page read and write
|
||
|
21EA0A2A000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1DA2C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1B9D5602000
|
trusted library allocation
|
page read and write
|
||
|
1940000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
F0599FF000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
1D88D000
|
trusted library allocation
|
page execute and read and write
|
||
|
46E000
|
unkown
|
page readonly
|
||
|
1B9D4C4B000
|
heap
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
18E0000
|
heap
|
page read and write
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
1B71000
|
heap
|
page read and write
|
||
|
1966000
|
heap
|
page read and write
|
||
|
21EA0A77000
|
heap
|
page read and write
|
||
|
1B9D4E20000
|
heap
|
page read and write
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
21EA0B02000
|
heap
|
page read and write
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
1936000
|
heap
|
page read and write
|
||
|
194A000
|
heap
|
page read and write
|
||
|
1D760000
|
trusted library allocation
|
page execute and read and write
|
||
|
1660000
|
remote allocation
|
page execute and read and write
|
||
|
42D000
|
unkown
|
page read and write
|
||
|
1B9D4C55000
|
heap
|
page read and write
|
||
|
3480000
|
trusted library allocation
|
page read and write
|
||
|
46E000
|
unkown
|
page readonly
|
||
|
1960000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
42B000
|
unkown
|
page read and write
|
||
|
21EA0A42000
|
heap
|
page read and write
|
||
|
1D4000
|
heap
|
page read and write
|
||
|
1B9D4C7E000
|
heap
|
page read and write
|
||
|
229E000
|
stack
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
1B9D4C2A000
|
heap
|
page read and write
|
||
|
46E000
|
unkown
|
page readonly
|
||
|
1930000
|
heap
|
page read and write
|
||
|
21EA0810000
|
heap
|
page read and write
|
||
|
21EA0A25000
|
heap
|
page read and write
|
||
|
21EA0A44000
|
heap
|
page read and write
|
||
|
21EA0A76000
|
heap
|
page read and write
|
||
|
66E000
|
stack
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
1B9D4C13000
|
heap
|
page read and write
|
||
|
1956000
|
heap
|
page read and write
|
||
|
21EA0A7E000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
1B9D4C20000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
21EA0980000
|
unclassified section
|
page readonly
|
||
|
21EA0A63000
|
heap
|
page read and write
|
||
|
1B71000
|
heap
|
page read and write
|
||
|
1D6E4000
|
trusted library allocation
|
page read and write
|
||
|
DF000
|
stack
|
page read and write
|
||
|
1966000
|
heap
|
page read and write
|
||
|
20000
|
unclassified section
|
page readonly
|
||
|
408000
|
unkown
|
page readonly
|
||
|
1B9D4C47000
|
heap
|
page read and write
|
||
|
3481000
|
heap
|
page read and write
|
||
|
1D4000
|
heap
|
page read and write
|
||
|
27EF000
|
stack
|
page read and write
|
||
|
F059D7F000
|
stack
|
page read and write
|
||
|
21EA1202000
|
trusted library allocation
|
page read and write
|
||
|
5F0000
|
trusted library allocation
|
page read and write
|
||
|
5EA000
|
unkown
|
page write copy
|
||
|
1CBB0000
|
trusted library allocation
|
page read and write
|
||
|
1960000
|
heap
|
page read and write
|
||
|
1D0000
|
unclassified section
|
page readonly
|
||
|
30000
|
heap
|
page read and write
|
||
|
1B71000
|
heap
|
page read and write
|
||
|
5E8000
|
unkown
|
page write copy
|
||
|
193F000
|
heap
|
page read and write
|
||
|
1C0000
|
remote allocation
|
page read and write
|
||
|
21EA0A13000
|
heap
|
page read and write
|
||
|
C1B17E000
|
unkown
|
page read and write
|
||
|
1D4000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
28EF000
|
stack
|
page read and write
|
||
|
21EA0A53000
|
heap
|
page read and write
|
||
|
5AE000
|
stack
|
page read and write
|
||
|
21EA0A7F000
|
heap
|
page read and write
|
||
|
3270000
|
trusted library allocation
|
page read and write
|
||
|
1940000
|
heap
|
page read and write
|
||
|
21EA0990000
|
unclassified section
|
page readonly
|
||
|
34C9000
|
trusted library allocation
|
page read and write
|
||
|
1B9D4C00000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1DA30000
|
trusted library allocation
|
page execute and read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
46E000
|
unkown
|
page readonly
|
||
|
292C000
|
trusted library allocation
|
page read and write
|
||
|
678000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
20000
|
unclassified section
|
page readonly
|
||
|
1B9D4C8F000
|
heap
|
page read and write
|
||
|
40A000
|
unkown
|
page write copy
|
||
|
6AF000
|
heap
|
page read and write
|
||
|
3481000
|
heap
|
page read and write
|
||
|
10003000
|
unkown
|
page readonly
|
||
|
5F2000
|
unkown
|
page write copy
|
||
|
703000
|
heap
|
page read and write
|
||
|
6D6000
|
heap
|
page read and write
|
||
|
1D40D000
|
trusted library allocation
|
page read and write
|
||
|
21EA0A7A000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
649000
|
unkown
|
page write copy
|
||
|
1D12E000
|
stack
|
page read and write
|
||
|
194A000
|
heap
|
page read and write
|
||
|
1B9D4C40000
|
heap
|
page read and write
|
||
|
1B9D4C86000
|
heap
|
page read and write
|
||
|
10059000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
22D0000
|
heap
|
page read and write
|
||
|
21EA0A78000
|
heap
|
page read and write
|
||
|
1B9D4C8B000
|
heap
|
page read and write
|
||
|
3600000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
28F7000
|
trusted library allocation
|
page read and write
|
||
|
1D4000
|
heap
|
page read and write
|
||
|
1B9D4C6E000
|
heap
|
page read and write
|
||
|
35C0000
|
trusted library allocation
|
page read and write
|
||
|
5EE000
|
stack
|
page read and write
|
||
|
1E0000
|
unclassified section
|
page readonly
|
||
|
5EC000
|
unkown
|
page write copy
|
||
|
1942000
|
heap
|
page read and write
|
||
|
3230000
|
trusted library allocation
|
page read and write
|
||
|
1B9D4C82000
|
heap
|
page read and write
|
||
|
21EA09A0000
|
heap
|
page read and write
|
||
|
5F0000
|
unkown
|
page write copy
|
||
|
10005000
|
unkown
|
page readonly
|
||
|
1D4000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
There are 216 hidden memdumps, click here to show them.