Files
File Path | Type | Category | Malicious
---|---|---|---
`SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe` | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample |
`C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.log` | ASCII text, with CRLF line terminators | dropped |
`C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_74c1169901cfd82c83d4316a2f32e8232d1c591_4b6ee407_16f3011e-a244-453b-95f7-631c14484814\Report.wer` | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
`C:\ProgramData\Microsoft\Windows\WER\Temp\WERD85F.tmp.dmp` | Mini DuMP crash report, 14 streams, Mon Jul 1 16:25:13 2024, 0x1205a4 type | dropped |
`C:\ProgramData\Microsoft\Windows\WER\Temp\WERD89F.tmp.WERInternalMetadata.xml` | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
`C:\ProgramData\Microsoft\Windows\WER\Temp\WERD8CF.tmp.xml` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
`C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive` | data | dropped |
`C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1cv3okj0.b1b.ps1` | ASCII text, with no line terminators | dropped |
`C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kzwnydqv.bsu.psm1` | ASCII text, with no line terminators | dropped |
`C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sism01nl.0zf.psm1` | ASCII text, with no line terminators | dropped |
`C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wwnohdeg.d0b.ps1` | ASCII text, with no line terminators | dropped |
`C:\Windows\appcompat\Programs\Amcache.hve` | MS Windows registry file, NT/2000 or above | dropped |

2 further file entries are not shown.
Processes
Path | Cmdline | Malicious
---|---|---
`C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe` | `"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe"` |
`C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe` | `"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe"` |
`C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe` | `"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe"` |
`C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` |
`C:\Windows\System32\wbem\WmiPrvSE.exe` | `C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding` |
`C:\Windows\SysWOW64\WerFault.exe` | `C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 196` |
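
The second process above is a 32-bit PowerShell (the on-disk path is the SysWOW64 copy, reached through file system redirection of the System32 path in the command line) running `Add-MpPreference -ExclusionPath` against the sample's own executable, so the sample excludes itself from Microsoft Defender scanning before the second instance of the executable is started. The detector below is an added example for this page, not part of the sandbox report or of any vendor tool. It flags command lines that add Defender exclusions through `Add-MpPreference` or `Set-MpPreference`, decodes `-EncodedCommand` payloads first (base64 of UTF-16LE, with the `-e`/`-ec`/`-enc` short forms), and accepts abbreviated parameter names, because PowerShell resolves any unambiguous prefix such as `-ExclusionPa` to `-ExclusionPath`. Of the sample command lines, only the first is taken from the process table; the other entries are constructed, and all function and constant names are this example's own.

```python
"""Flag PowerShell command lines that add Microsoft Defender exclusions.

Added example for this report, not part of the sandbox output.  Only the
first entry of SAMPLE_CMDLINES is taken from the report's process table;
the rest are constructed, and all function names are this example's own.
"""
import base64
import re

# PowerShell accepts any unambiguous prefix of a parameter name, so the
# shortest prefix that still identifies each exclusion parameter is the
# least an attacker has to type.  Map full name -> minimum prefix (lower case).
EXCLUSION_PARAMS = {
    "ExclusionPath": "exclusionpa",
    "ExclusionProcess": "exclusionpr",
    "ExclusionExtension": "exclusione",
    "ExclusionIpAddress": "exclusioni",
}
CMDLET_RE = re.compile(r"\b(Add|Set)-MpPreference\b", re.IGNORECASE)
# A token is a run of quoted strings and bare characters, so that
# 'C:\a.exe','C:\b.exe' stays together as one argument.
TOKEN_RE = re.compile(r"""(?:"[^"]*"|'[^']*'|[^\s"'])+""")


def tokenize(cmdline):
    """Split a command line on whitespace while keeping quoted runs intact."""
    return TOKEN_RE.findall(cmdline)


def expand_encoded_commands(tokens):
    """Replace powershell.exe -EncodedCommand <b64> (UTF-16LE) with its script tokens.

    powershell.exe accepts -e, -ec, -enc and any longer prefix of the switch.
    """
    out = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        switch = tok[1:].lower() if tok[0] in "-/" else ""
        if switch and "encodedcommand".startswith(switch) and i + 1 < len(tokens):
            try:
                script = base64.b64decode(tokens[i + 1].strip("\"'"), validate=True)
                out.extend(tokenize(script.decode("utf-16-le")))
                i += 2
                continue
            except ValueError:  # not base64 / not UTF-16LE: treat as a plain switch
                pass
        out.append(tok)
        i += 1
    return out


def find_defender_exclusions(cmdline):
    """Return [{cmdlet, parameter, values}] for each exclusion the command line adds."""
    tokens = expand_encoded_commands(tokenize(cmdline))
    findings = []
    cmdlet = None
    for i, tok in enumerate(tokens):
        hit = CMDLET_RE.search(tok)
        if hit:
            cmdlet = hit.group(0)
            continue
        if cmdlet is None or not tok.startswith("-"):
            continue
        # Both "-ExclusionPath value" and "-ExclusionPath:value" are valid syntax.
        name, colon, inline_value = tok[1:].partition(":")
        lname = name.lower()
        for full, min_prefix in EXCLUSION_PARAMS.items():
            if lname.startswith(min_prefix) and full.lower().startswith(lname):
                raw = inline_value if colon else (tokens[i + 1] if i + 1 < len(tokens) else "")
                values = [v.strip("\"' ") for v in raw.rstrip(";").split(",") if v.strip("\"' ")]
                findings.append({"cmdlet": cmdlet, "parameter": full, "values": values})
    return findings


def flagged_indexes(cmdlines):
    """Indexes of the command lines that add at least one exclusion."""
    return [i for i, c in enumerate(cmdlines) if find_defender_exclusions(c)]


# Constructed sample input: [0] is the report's own PowerShell line; the others
# are made up to exercise parameter abbreviation, -enc wrapping and a benign case.
SAMPLE_CMDLINES = [
    r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference '
    r'-ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe"',
    "powershell.exe -nop -w hidden -enc "
    + base64.b64encode(r"Add-MpPreference -ExclusionPr 'C:\a.exe','C:\b.exe'".encode("utf-16-le")).decode(),
    r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-MpPreference',
]

if __name__ == "__main__":
    for i in flagged_indexes(SAMPLE_CMDLINES):
        for f in find_defender_exclusions(SAMPLE_CMDLINES[i]):
            print(f"[{i}] {f['cmdlet']} {f['parameter']}: {', '.join(f['values'])}")
```

Ambiguous prefixes such as `-ExclusionP` are deliberately not matched, since PowerShell itself rejects them. On a live host the same change also shows up as Microsoft Defender event ID 5007 (configuration changed) in the Microsoft-Windows-Windows Defender/Operational log, and the resulting entries can be listed with `Get-MpPreference | Select-Object -ExpandProperty ExclusionPath`.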
URLs
Name | IP | Malicious
---|---|---
http://www.apache.org/licenses/LICENSE-2.0 | unknown |
http://www.fontbureau.com | unknown |
http://www.fontbureau.com/designersG | unknown |
http://www.fontbureau.com/designers/? | unknown |
http://www.founder.com.cn/cn/bThe | unknown |
http://www.fontbureau.com/designers? | unknown |
http://www.tiro.com | unknown |
http://upx.sf.net | unknown |
http://www.fontbureau.com/designers | unknown |
http://www.goodfont.co.kr | unknown |
http://www.carterandcone.coml | unknown |
http://www.sajatypeworks.com | unknown |
http://www.typography.netD | unknown |
http://www.fontbureau.com/designers/cabarga.htmlN | unknown |
http://www.founder.com.cn/cn/cThe | unknown |
http://www.galapagosdesign.com/staff/dennis.htm | unknown |
http://www.founder.com.cn/cn | unknown |
http://www.fontbureau.com/designers/frere-user.html | unknown |
http://www.jiyu-kobo.co.jp/ | unknown |
http://www.galapagosdesign.com/DPlease | unknown |
http://www.fontbureau.com/designers8 | unknown |
http://www.fonts.com | unknown |
http://www.sandoll.co.kr | unknown |
http://www.urwpp.deDPlease | unknown |
http://www.zhongyicts.com.cn | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
http://www.sakkal.com | unknown |

17 further URLs are not shown.
Registry
Path | Value | Malicious
---|---|---
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | ProgramId |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | FileId |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | LowerCaseLongPath |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | LongPathHash |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | Name |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | OriginalFileName |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | Publisher |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | Version |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | BinFileVersion |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | BinaryType |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | ProductName |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | ProductVersion |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | LinkDate |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | BinProductVersion |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | AppxPackageFullName |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | AppxPackageRelativeId |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | Size |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | Language |
`\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com\|3c74daf6cc5d2b47` | Usn |
`HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData` | ClockTimeSeconds |
`HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData` | TickCount |

11 further registry entries are not shown.
Memdumps
Base Address (hex) | Region type | Protect | Malicious
---|---|---|---
400000 | remote allocation | page execute and read and write |
2C50000 | trusted library allocation | page read and write |
2D42000 | trusted library allocation | page read and write |
2D60000 | heap | page read and write |
7E28000 | heap | page read and write |
1108000 | heap | page read and write |
962000 | unknown | page readonly |
2D36000 | trusted library allocation | page read and write |
2EC0000 | trusted library allocation | page read and write |
54C0000 | trusted library allocation | page read and write |
7BAE000 | stack | page read and write |
2CEC000 | stack | page read and write |
30D3000 | trusted library allocation | page read and write |
4023000 | trusted library allocation | page read and write |
10EE000 | heap | page read and write |
5420000 | heap | page read and write |
10D0000 | trusted library allocation | page read and write |
2E6C000 | stack | page read and write |
54E0000 | heap | page read and write |
2F99000 | trusted library allocation | page read and write |
B98000 | stack | page read and write |
2F20000 | heap | page execute and read and write |
7A6F000 | stack | page read and write |
116E000 | direct allocation | page execute and read and write |
145F000 | stack | page read and write |
A80C000 | stack | page read and write |
5770000 | heap | page read and write |
A08000 | unknown | page readonly |
10B0000 | trusted library allocation | page read and write |
7E22000 | heap | page read and write |
2D10000 | trusted library allocation | page read and write |
2ED0000 | trusted library allocation | page read and write |
2E90000 | trusted library allocation | page read and write |
7740000 | trusted library section | page read and write |
10F9000 | direct allocation | page execute and read and write |
53EB000 | stack | page read and write |
76CE000 | stack | page read and write |
3F39000 | trusted library allocation | page read and write |
2D3D000 | trusted library allocation | page read and write |
30FC000 | trusted library allocation | page read and write |
12DE000 | stack | page read and write |
86C000 | stack | page read and write |
1122000 | heap | page read and write |
B70000 | heap | page read and write |
2F81000 | trusted library allocation | page read and write |
1460000 | heap | page read and write |
6F90000 | trusted library allocation | page read and write |
12EA000 | trusted library allocation | page execute and read and write |
A6BE000 | stack | page read and write |
12F2000 | trusted library allocation | page read and write |
2F9D000 | trusted library allocation | page read and write |
3114000 | trusted library allocation | page read and write |
73B0000 | trusted library allocation | page read and write |
73C0000 | trusted library allocation | page read and write |
1310000 | trusted library allocation | page read and write |
8F28000 | trusted library allocation | page read and write |
F2E000 | stack | page read and write |
2C70000 | trusted library allocation | page execute and read and write |
586E000 | heap | page read and write |
410E000 | trusted library allocation | page read and write |
A70B000 | stack | page read and write |
BF0000 | heap | page read and write |
12E6000 | trusted library allocation | page execute and read and write |
2EA0000 | trusted library allocation | page read and write |
12E0000 | trusted library allocation | page read and write |
52F5000 | heap | page read and write |
5860000 | heap | page read and write |
10DD000 | trusted library allocation | page execute and read and write |
1120000 | heap | page read and write |
52F0000 | heap | page read and write |
1318000 | direct allocation | page execute and read and write |
5560000 | heap | page execute and read and write |
73A0000 | trusted library section | page read and write |
7400000 | trusted library allocation | page read and write |
59DE000 | stack | page read and write |
EE0000 | heap | page read and write |
7CFE000 | stack | page read and write |
2C4E000 | stack | page read and write |
2E70000 | trusted library allocation | page read and write |
F40000 | heap | page read and write |
7E1D000 | heap | page read and write |
2D2E000 | trusted library allocation | page read and write |
2F9B000 | trusted library allocation | page read and write |
52A0000 | trusted library allocation | page read and write |
10C4000 | trusted library allocation | page read and write |
10D3000 | trusted library allocation | page read and write |
129D000 | direct allocation | page execute and read and write |
5291000 | trusted library allocation | page read and write |
A70000 | heap | page read and write |
5280000 | trusted library allocation | page execute and read and write |
579E000 | heap | page read and write |
5300000 | heap | page read and write |
575D000 | stack | page read and write |
2D31000 | trusted library allocation | page read and write |
12E2000 | trusted library allocation | page read and write |
2D50000 | trusted library allocation | page read and write |
12F0000 | trusted library allocation | page read and write |
7DFE000 | stack | page read and write |
52B0000 | trusted library allocation | page execute and read and write |
3F31000 | trusted library allocation | page read and write |
1296000 | direct allocation | page execute and read and write |
52D0000 | trusted library section | page readonly |
FD0000 | direct allocation | page execute and read and write |
10C3000 | trusted library allocation | page execute and read and write |
12FB000 | trusted library allocation | page execute and read and write |
10C0000 | trusted library allocation | page read and write |
91BF000 | stack | page read and write |
2F00000 | heap | page read and write |
6FB2000 | trusted library allocation | page read and write |
7F110000 | trusted library allocation | page execute and read and write |
C70000 | heap | page read and write |
2F10000 | trusted library allocation | page read and write |
10E0000 | heap | page read and write |
5410000 | trusted library allocation | page read and write |
A9A000 | stack | page read and write |
108E000 | stack | page read and write |
758E000 | stack | page read and write |
104E000 | stack | page read and write |
135E000 | stack | page read and write |
12F7000 | trusted library allocation | page execute and read and write |
1100000 | heap | page read and write |
7F00000 | trusted library section | page read and write |
748E000 | stack | page read and write |
7390000 | trusted library allocation | page execute and read and write |
ED0000 | heap | page read and write |
54B0000 | trusted library allocation | page execute and read and write |
7E18000 | heap | page read and write |
10CD000 | trusted library allocation | page execute and read and write |
744D000 | stack | page read and write |
7E00000 | heap | page read and write |
5760000 | heap | page read and write |
1185000 | heap | page read and write |
2CF0000 | trusted library allocation | page execute and read and write |
11AA000 | heap | page read and write |
10FD000 | direct allocation | page execute and read and write |
7B6E000 | stack | page read and write |
1467000 | heap | page read and write |
599E000 | stack | page read and write |
1174000 | heap | page read and write |
9C0000 | heap | page read and write |
7CAE000 | stack | page read and write |
96C000 | stack | page read and write |
2C55000 | trusted library allocation | page read and write |
75CE000 | stack | page read and write |
A820000 | trusted library allocation | page read and write |
5423000 | heap | page read and write |
2F31000 | trusted library allocation | page read and write |
1281000 | direct allocation | page execute and read and write |
54D0000 | trusted library allocation | page execute and read and write |
52E0000 | heap | page read and write |
2D00000 | trusted library allocation | page read and write |
57B0000 | heap | page read and write |
960000 | unknown | page readonly |

143 further memory dumps are not shown.