Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `SecuriteInfo.com.Trojan.AVKillNET.1.18071.13447.exe` | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | |
| `C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.AVKillNET.1.18071.13447.exe.log` | CSV text | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_HHILU52QJYGQXVY5_66b95f189632357356324fccc990573e605dff9b_daefafe1_d57dd59e-8b18-45dd-b2d7-380d4be2e871\Report.wer` | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER20ED.tmp.dmp` | Mini DuMP crash report, 15 streams, Wed Jul 3 21:29:55 2024, 0x1205a4 type | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER2350.tmp.WERInternalMetadata.xml` | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WER2370.tmp.xml` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| `C:\Windows\appcompat\Programs\Amcache.hve` | MS Windows registry file, NT/2000 or above | dropped | |
| `\Device\ConDrv` | ASCII text, with CRLF, LF line terminators | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| `C:\Users\user\Desktop\SecuriteInfo.com.Trojan.AVKillNET.1.18071.13447.exe` | `"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.AVKillNET.1.18071.13447.exe"` | |
| `C:\Users\user\Desktop\SecuriteInfo.com.Trojan.AVKillNET.1.18071.13447.exe` | `C:\Users\user\Desktop\SecuriteInfo.com.Trojan.AVKillNET.1.18071.13447.exe` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\SysWOW64\WerFault.exe` | `C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 1036` | |
URLs

| Name | IP | Malicious |
|---|---|---|
| http://upx.sf.net | unknown | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | |
Registry

| Path | Value | Malicious |
|---|---|---|
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | ProgramId | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | FileId | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | LowerCaseLongPath | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | LongPathHash | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | Name | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | OriginalFileName | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | Publisher | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | Version | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | BinFileVersion | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | BinaryType | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | ProductName | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | ProductVersion | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | LinkDate | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | BinProductVersion | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | AppxPackageFullName | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | AppxPackageRelativeId | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | Size | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | Language | |
| `\REGISTRY\A\{43d5b54c-c2a7-2fc3-0048-449df9aa1d1f}\Root\InventoryApplicationFile\securiteinfo.com\|c6e10f89dad54dba` | Usn | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData` | ClockTimeSeconds | |
| `HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData` | TickCount | |
11 further registry entries are not shown in this report.
Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| DC9000 | stack | page read and write | |
| 1130000 | heap | page read and write | |
| 10E0000 | trusted library allocation | page execute and read and write | |
| 2F8C000 | stack | page read and write | |
| 507E000 | stack | page read and write | |
| F40000 | heap | page read and write | |
| 3071000 | trusted library allocation | page read and write | |
| C32000 | unknown | page readonly | |
| 1370000 | trusted library allocation | page read and write | |
| 5300000 | heap | page read and write | |
| FFD10000 | trusted library allocation | page execute and read and write | |
| 2FCE000 | stack | page read and write | |
| CF0000 | heap | page read and write | |
| 2A10000 | heap | page read and write | |
| F3D000 | trusted library allocation | page execute and read and write | |
| D0E000 | heap | page read and write | |
| 4095000 | trusted library allocation | page read and write | |
| 119E000 | stack | page read and write | |
| 1060000 | trusted library allocation | page read and write | |
| 5590000 | heap | page execute and read and write | |
| 3A45000 | trusted library allocation | page read and write | |
| A3C000 | stack | page read and write | |
| 15C0000 | heap | page read and write | |
| 57B0000 | heap | page read and write | |
| 1330000 | trusted library allocation | page read and write | |
| D1A000 | heap | page read and write | |
| 56AE000 | stack | page read and write | |
| 13B6000 | heap | page read and write | |
| 1700000 | heap | page read and write | |
| 300E000 | stack | page read and write | |
| 13C5000 | heap | page read and write | |
| 1304000 | trusted library allocation | page read and write | |
| 1100000 | heap | page execute and read and write | |
| 138E000 | heap | page read and write | |
| 1090000 | trusted library allocation | page read and write | |
| 106A000 | trusted library allocation | page execute and read and write | |
| 1406000 | heap | page read and write | |
| C30000 | unknown | page readonly | |
| 13FD000 | heap | page read and write | |
| 50BE000 | stack | page read and write | |
| 4BFE000 | stack | page read and write | |
| FF720000 | trusted library allocation | page execute and read and write | |
| 133B000 | trusted library allocation | page execute and read and write | |
| 138A000 | heap | page read and write | |
| F20000 | trusted library allocation | page read and write | |
| 1110000 | heap | page read and write | |
| 57AF000 | stack | page read and write | |
| CF8000 | heap | page read and write | |
| F33000 | trusted library allocation | page execute and read and write | |
| F34000 | trusted library allocation | page read and write | |
| 104E000 | stack | page read and write | |
| 1327000 | trusted library allocation | page execute and read and write | |
| 10DE000 | stack | page read and write | |
| 1350000 | trusted library allocation | page read and write | |
| D27000 | heap | page read and write | |
| 1077000 | trusted library allocation | page execute and read and write | |
| 16CE000 | stack | page read and write | |
| 29DE000 | stack | page read and write | |
| 4074000 | trusted library allocation | page read and write | |
| 51FE000 | stack | page read and write | |
| 1050000 | trusted library allocation | page read and write | |
| 304E000 | stack | page read and write | |
| 11B0000 | heap | page read and write | |
| 3A24000 | trusted library allocation | page read and write | |
| 52FE000 | stack | page read and write | |
| 3A21000 | trusted library allocation | page read and write | |
| D6A000 | heap | page read and write | |
| 12E0000 | trusted library allocation | page read and write | |
| 157E000 | stack | page read and write | |
| 1310000 | trusted library allocation | page read and write | |
| 516E000 | stack | page read and write | |
| 107B000 | trusted library allocation | page execute and read and write | |
| EEE000 | stack | page read and write | |
| 1030000 | heap | page read and write | |
| 1337000 | trusted library allocation | page execute and read and write | |
| 11B5000 | heap | page read and write | |
| 4071000 | trusted library allocation | page read and write | |
| 1380000 | heap | page read and write | |
| CE0000 | heap | page read and write | |
| 55AE000 | stack | page read and write | |
| 1360000 | trusted library allocation | page execute and read and write | |
| 13C1000 | heap | page read and write | |
| B37000 | stack | page read and write | |
| B70000 | heap | page read and write | |
| 1303000 | trusted library allocation | page execute and read and write | |
| 1070000 | trusted library allocation | page read and write | |
| 1067000 | trusted library allocation | page execute and read and write | |
| CDE000 | stack | page read and write | |
| 15BE000 | stack | page read and write | |
| 4F7E000 | stack | page read and write | |
| 115E000 | stack | page read and write | |
| 13EF000 | heap | page read and write | |
| 1414000 | heap | page read and write | |
| 1320000 | trusted library allocation | page read and write | |
| 51BE000 | stack | page read and write | |
| CCC000 | stack | page read and write | |
| BBE000 | stack | page read and write | |
| 4AFD000 | stack | page read and write | |
| 10F0000 | trusted library allocation | page read and write | |
| 3060000 | heap | page execute and read and write | |
| 12F0000 | heap | page read and write | |
| BC0000 | heap | page read and write | |
| 132A000 | trusted library allocation | page execute and read and write | |
| 12BE000 | stack | page read and write | |
| 2A21000 | trusted library allocation | page read and write | |
95 further memory dump regions are not shown in this report.