Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Users\user\AppData\Local\Temp\nsiB2D7.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsiB326.tmp\LangDLL.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsiB326.tmp\System.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsiB326.tmp\modern-header.bmp
|
PC bitmap, Windows 3.x format, 150 x 57 x 24, image size 25766, resolution 2834 x 2834 px/m, cbSize 25820, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsiB326.tmp\modern-wizard.bmp
|
PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154490, resolution 2834 x 2834 px/m, cbSize 154544, bits offset
54
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\nsiB326.tmp\nsDialogs.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\Desktop\setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Adware.Downware.20566.20228.21311.exe"
|
 |
|
|
C:\Users\user\Desktop\setup.exe
|
"C:\Users\user\Desktop\Setup.exe"
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
|
unknown
|
||
|
https://pki-info.aol.com/AOL/index.html05
|
unknown
|
||
|
http://download.nullsoft.com/redist/wm/wmfdist95.exe3287http://download.nullsoft.com/redist/wm/wmfdi
|
unknown
|
||
|
https://sectigo.com/CPS0
|
unknown
|
||
|
http://download.nullsoft.com/redist/dx/dxwebsetup.exed3dx9_42.dll
|
unknown
|
||
|
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
|
unknown
|
||
|
http://ocsp.sectigo.com0
|
unknown
|
||
|
https://curl.se/docs/http-cookies.html
|
unknown
|
||
|
http://mp3licensing.com
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://www.winamp.com/legal/cloud
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
|
unknown
|
||
|
http://www.winamp.comPublisherVersionMajorVersionMinorNoRepairNoModifyModifyPathInstallLocationDispl
|
unknown
|
||
|
http://crl.aol.com/AOLMSPKI/aolCodeSign.crl0
|
unknown
|
||
|
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
|
unknown
|
||
|
http://nsis.sf.net/NSIS_ErrorError
|
unknown
|
||
|
http://ocsp.web.aol.com:80/ocsp0
|
unknown
|
||
|
https://curl.se/docs/alt-svc.html
|
unknown
|
||
|
http://www.winamp.com/download
|
unknown
|
||
|
http://pki-info.aol.com/AOLMSPKI/index.html0
|
unknown
|
||
|
http://www.winamp.com/open
|
unknown
|
||
|
http://www.winamp.com/
|
unknown
|
||
|
http://dev.winamp.com/wiki/Main_Page
|
unknown
|
||
|
https://curl.se/docs/hsts.html
|
unknown
|
||
|
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
|
unknown
|
||
|
http://www.winamp.com/legal/eula/pc0x3FF0x02
|
unknown
|
||
|
http://forums.winamp.comURLUpdateInfo5.66
|
unknown
|
||
|
http://ocsp.sectigo.com0M
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
http://www.winamp.com
|
unknown
|
||
|
http://download.nullsoft.com/redist/dx/d3dx9_31_42_x86_embed.exed3dx9_31.dll
|
unknown
|
||
|
http://www.winamp.com/legal/eula/pcopen
|
unknown
|
||
|
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
|
unknown
|
||
|
http://crl.aol.com/AOL/MasterCRL.crl0
|
unknown
|
||
|
http://lyricsplugin.com
|
unknown
|
||
|
http://www.winamp.com/legal/privacy
|
unknown
|
There are 26 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp
|
LangId
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3D50000
|
heap
|
page read and write
|
||
|
236A000
|
heap
|
page read and write
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
300E000
|
unkown
|
page read and write
|
||
|
40B000
|
unkown
|
page read and write
|
||
|
6CEB3000
|
unkown
|
page readonly
|
||
|
3A92000
|
heap
|
page read and write
|
||
|
8D8000
|
heap
|
page read and write
|
||
|
2364000
|
heap
|
page read and write
|
||
|
3E50000
|
heap
|
page read and write
|
||
|
6D101000
|
unkown
|
page execute read
|
||
|
3A10000
|
heap
|
page read and write
|
||
|
2DC8000
|
heap
|
page read and write
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
6D100000
|
unkown
|
page readonly
|
||
|
A06000
|
heap
|
page read and write
|
||
|
6D102000
|
unkown
|
page readonly
|
||
|
3DD0000
|
heap
|
page read and write
|
||
|
28AE000
|
stack
|
page read and write
|
||
|
8E1000
|
heap
|
page read and write
|
||
|
DE1000
|
unkown
|
page execute read
|
||
|
2DF0000
|
heap
|
page read and write
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
304D000
|
unkown
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
153E000
|
stack
|
page read and write
|
||
|
4193000
|
heap
|
page read and write
|
||
|
3F53000
|
heap
|
page read and write
|
||
|
22DE000
|
stack
|
page read and write
|
||
|
C45000
|
heap
|
page read and write
|
||
|
C85000
|
heap
|
page read and write
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
8F3000
|
heap
|
page read and write
|
||
|
3850000
|
heap
|
page read and write
|
||
|
B1E000
|
stack
|
page read and write
|
||
|
4013000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
2BBE000
|
heap
|
page read and write
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
41D3000
|
heap
|
page read and write
|
||
|
51E0000
|
trusted library allocation
|
page read and write
|
||
|
3C93000
|
heap
|
page read and write
|
||
|
6F951000
|
unkown
|
page execute read
|
||
|
6D105000
|
unkown
|
page readonly
|
||
|
C85000
|
heap
|
page read and write
|
||
|
6B0000
|
heap
|
page read and write
|
||
|
4153000
|
heap
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
3D50000
|
heap
|
page read and write
|
||
|
3611000
|
heap
|
page read and write
|
||
|
49FE000
|
stack
|
page read and write
|
||
|
B9E000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
38D1000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
678000
|
unkown
|
page readonly
|
||
|
3711000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3E51000
|
heap
|
page read and write
|
||
|
2340000
|
heap
|
page read and write
|
||
|
408000
|
unkown
|
page readonly
|
||
|
3AD4000
|
heap
|
page read and write
|
||
|
3851000
|
heap
|
page read and write
|
||
|
B9A000
|
heap
|
page read and write
|
||
|
31C0000
|
heap
|
page read and write
|
||
|
8F2000
|
heap
|
page read and write
|
||
|
29AF000
|
stack
|
page read and write
|
||
|
36D3000
|
heap
|
page read and write
|
||
|
3D30000
|
trusted library allocation
|
page read and write
|
||
|
979000
|
stack
|
page read and write
|
||
|
3911000
|
heap
|
page read and write
|
||
|
3D10000
|
heap
|
page read and write
|
||
|
8DD000
|
heap
|
page read and write
|
||
|
3F13000
|
heap
|
page read and write
|
||
|
477F000
|
stack
|
page read and write
|
||
|
3810000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
3ED4000
|
heap
|
page read and write
|
||
|
6F953000
|
unkown
|
page readonly
|
||
|
36D0000
|
heap
|
page read and write
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
3B54000
|
heap
|
page read and write
|
||
|
3D11000
|
heap
|
page read and write
|
||
|
3BD4000
|
heap
|
page read and write
|
||
|
48BE000
|
stack
|
page read and write
|
||
|
DCD000
|
stack
|
page read and write
|
||
|
3FD4000
|
heap
|
page read and write
|
||
|
89A000
|
heap
|
page read and write
|
||
|
4054000
|
heap
|
page read and write
|
||
|
3710000
|
heap
|
page read and write
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
3F54000
|
heap
|
page read and write
|
||
|
3A53000
|
heap
|
page read and write
|
||
|
40D4000
|
heap
|
page read and write
|
||
|
903000
|
heap
|
page read and write
|
||
|
4113000
|
heap
|
page read and write
|
||
|
96000
|
stack
|
page read and write
|
||
|
3811000
|
heap
|
page read and write
|
||
|
1426000
|
unkown
|
page read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
2330000
|
heap
|
page read and write
|
||
|
2DCB000
|
heap
|
page read and write
|
||
|
163E000
|
stack
|
page read and write
|
||
|
678000
|
unkown
|
page readonly
|
||
|
3E90000
|
heap
|
page read and write
|
||
|
3790000
|
heap
|
page read and write
|
||
|
BC6000
|
heap
|
page read and write
|
||
|
860000
|
heap
|
page read and write
|
||
|
2360000
|
heap
|
page read and write
|
||
|
3DD1000
|
heap
|
page read and write
|
||
|
6CEB1000
|
unkown
|
page execute read
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
B69000
|
heap
|
page read and write
|
||
|
40D3000
|
heap
|
page read and write
|
||
|
3950000
|
heap
|
page read and write
|
||
|
41F000
|
unkown
|
page read and write
|
||
|
879000
|
stack
|
page read and write
|
||
|
DE0000
|
unkown
|
page readonly
|
||
|
3C53000
|
heap
|
page read and write
|
||
|
3690000
|
heap
|
page read and write
|
||
|
B85000
|
heap
|
page read and write
|
||
|
C46000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
6F955000
|
unkown
|
page readonly
|
||
|
467E000
|
stack
|
page read and write
|
||
|
4154000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
3B53000
|
heap
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
907000
|
heap
|
page read and write
|
||
|
6CEB6000
|
unkown
|
page readonly
|
||
|
3D51000
|
heap
|
page read and write
|
||
|
31C4000
|
heap
|
page read and write
|
||
|
3C13000
|
heap
|
page read and write
|
||
|
3951000
|
heap
|
page read and write
|
||
|
3691000
|
heap
|
page read and write
|
||
|
4510000
|
direct allocation
|
page read and write
|
||
|
39D0000
|
heap
|
page read and write
|
||
|
3CD3000
|
heap
|
page read and write
|
||
|
360E000
|
stack
|
page read and write
|
||
|
3CD9000
|
heap
|
page read and write
|
||
|
4C3C000
|
stack
|
page read and write
|
||
|
39D1000
|
heap
|
page read and write
|
||
|
4093000
|
heap
|
page read and write
|
||
|
13F4000
|
unkown
|
page readonly
|
||
|
19A000
|
stack
|
page read and write
|
||
|
3A50000
|
heap
|
page read and write
|
||
|
3610000
|
heap
|
page read and write
|
||
|
3BD3000
|
heap
|
page read and write
|
||
|
4780000
|
heap
|
page read and write
|
||
|
5160000
|
direct allocation
|
page read and write
|
||
|
8FD000
|
heap
|
page read and write
|
||
|
461000
|
unkown
|
page read and write
|
||
|
DE0000
|
unkown
|
page readonly
|
||
|
142B000
|
unkown
|
page readonly
|
||
|
3FD3000
|
heap
|
page read and write
|
||
|
925000
|
heap
|
page read and write
|
||
|
3AD2000
|
heap
|
page read and write
|
||
|
DE1000
|
unkown
|
page execute read
|
||
|
BBF000
|
heap
|
page read and write
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
1426000
|
unkown
|
page write copy
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
2E6E000
|
stack
|
page read and write
|
||
|
29B9000
|
heap
|
page read and write
|
||
|
3CD4000
|
heap
|
page read and write
|
||
|
4B3B000
|
stack
|
page read and write
|
||
|
3850000
|
heap
|
page read and write
|
||
|
4053000
|
heap
|
page read and write
|
||
|
B65000
|
heap
|
page read and write
|
||
|
8A9000
|
heap
|
page read and write
|
||
|
2D47000
|
heap
|
page read and write
|
||
|
6CEB0000
|
unkown
|
page readonly
|
||
|
3791000
|
heap
|
page read and write
|
||
|
3150000
|
heap
|
page read and write
|
||
|
B8A000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
3910000
|
heap
|
page read and write
|
||
|
40B000
|
unkown
|
page write copy
|
||
|
2E20000
|
heap
|
page read and write
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
D8E000
|
stack
|
page read and write
|
||
|
3F93000
|
heap
|
page read and write
|
||
|
4AFF000
|
stack
|
page read and write
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
4F10000
|
direct allocation
|
page read and write
|
||
|
3950000
|
heap
|
page read and write
|
||
|
2E10000
|
heap
|
page read and write
|
||
|
7B5000
|
heap
|
page read and write
|
||
|
BC3000
|
heap
|
page read and write
|
||
|
3ED0000
|
heap
|
page read and write
|
||
|
904000
|
heap
|
page read and write
|
||
|
C44000
|
heap
|
page read and write
|
||
|
3C54000
|
heap
|
page read and write
|
||
|
2B42000
|
heap
|
page read and write
|
||
|
3750000
|
heap
|
page read and write
|
||
|
3A93000
|
heap
|
page read and write
|
||
|
3650000
|
heap
|
page read and write
|
||
|
6F950000
|
unkown
|
page readonly
|
||
|
13F4000
|
unkown
|
page readonly
|
||
|
49BF000
|
stack
|
page read and write
|
||
|
3CDB000
|
heap
|
page read and write
|
||
|
BBF000
|
heap
|
page read and write
|
||
|
3E10000
|
heap
|
page read and write
|
||
|
3B93000
|
heap
|
page read and write
|
||
|
A00000
|
heap
|
page read and write
|
||
|
142B000
|
unkown
|
page readonly
|
||
|
922000
|
heap
|
page read and write
|
There are 202 hidden memdumps, click here to show them.