Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_74c1169901cfd82c83d4316a2f32e8232d1c591_4b6ee407_16f3011e-a244-453b-95f7-631c14484814\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD85F.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Jul 1 16:25:13 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD89F.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD8CF.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1cv3okj0.b1b.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kzwnydqv.bsu.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sism01nl.0zf.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wwnohdeg.d0b.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.16176.20864.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 196
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 17 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
ProgramId
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
FileId
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
LongPathHash
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
Name
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
OriginalFileName
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
Publisher
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
Version
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
BinFileVersion
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
BinaryType
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
ProductName
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
ProductVersion
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
LinkDate
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
BinProductVersion
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
Size
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
Language
|
||
|
\REGISTRY\A\{777e2efe-f093-b73e-5833-99422e1e152c}\Root\InventoryApplicationFile\securiteinfo.com|3c74daf6cc5d2b47
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
2C50000
|
trusted library allocation
|
page read and write
|
||
|
2D42000
|
trusted library allocation
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
7E28000
|
heap
|
page read and write
|
||
|
1108000
|
heap
|
page read and write
|
||
|
962000
|
unkown
|
page readonly
|
||
|
2D36000
|
trusted library allocation
|
page read and write
|
||
|
2EC0000
|
trusted library allocation
|
page read and write
|
||
|
54C0000
|
trusted library allocation
|
page read and write
|
||
|
7BAE000
|
stack
|
page read and write
|
||
|
2CEC000
|
stack
|
page read and write
|
||
|
30D3000
|
trusted library allocation
|
page read and write
|
||
|
4023000
|
trusted library allocation
|
page read and write
|
||
|
10EE000
|
heap
|
page read and write
|
||
|
5420000
|
heap
|
page read and write
|
||
|
10D0000
|
trusted library allocation
|
page read and write
|
||
|
2E6C000
|
stack
|
page read and write
|
||
|
54E0000
|
heap
|
page read and write
|
||
|
2F99000
|
trusted library allocation
|
page read and write
|
||
|
B98000
|
stack
|
page read and write
|
||
|
2F20000
|
heap
|
page execute and read and write
|
||
|
7A6F000
|
stack
|
page read and write
|
||
|
116E000
|
direct allocation
|
page execute and read and write
|
||
|
145F000
|
stack
|
page read and write
|
||
|
A80C000
|
stack
|
page read and write
|
||
|
5770000
|
heap
|
page read and write
|
||
|
A08000
|
unkown
|
page readonly
|
||
|
10B0000
|
trusted library allocation
|
page read and write
|
||
|
7E22000
|
heap
|
page read and write
|
||
|
2D10000
|
trusted library allocation
|
page read and write
|
||
|
2ED0000
|
trusted library allocation
|
page read and write
|
||
|
2E90000
|
trusted library allocation
|
page read and write
|
||
|
7740000
|
trusted library section
|
page read and write
|
||
|
10F9000
|
direct allocation
|
page execute and read and write
|
||
|
53EB000
|
stack
|
page read and write
|
||
|
76CE000
|
stack
|
page read and write
|
||
|
3F39000
|
trusted library allocation
|
page read and write
|
||
|
2D3D000
|
trusted library allocation
|
page read and write
|
||
|
30FC000
|
trusted library allocation
|
page read and write
|
||
|
12DE000
|
stack
|
page read and write
|
||
|
86C000
|
stack
|
page read and write
|
||
|
1122000
|
heap
|
page read and write
|
||
|
B70000
|
heap
|
page read and write
|
||
|
2F81000
|
trusted library allocation
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
6F90000
|
trusted library allocation
|
page read and write
|
||
|
12EA000
|
trusted library allocation
|
page execute and read and write
|
||
|
A6BE000
|
stack
|
page read and write
|
||
|
12F2000
|
trusted library allocation
|
page read and write
|
||
|
2F9D000
|
trusted library allocation
|
page read and write
|
||
|
3114000
|
trusted library allocation
|
page read and write
|
||
|
73B0000
|
trusted library allocation
|
page read and write
|
||
|
73C0000
|
trusted library allocation
|
page read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
8F28000
|
trusted library allocation
|
page read and write
|
||
|
F2E000
|
stack
|
page read and write
|
||
|
2C70000
|
trusted library allocation
|
page execute and read and write
|
||
|
586E000
|
heap
|
page read and write
|
||
|
410E000
|
trusted library allocation
|
page read and write
|
||
|
A70B000
|
stack
|
page read and write
|
||
|
BF0000
|
heap
|
page read and write
|
||
|
12E6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2EA0000
|
trusted library allocation
|
page read and write
|
||
|
12E0000
|
trusted library allocation
|
page read and write
|
||
|
52F5000
|
heap
|
page read and write
|
||
|
5860000
|
heap
|
page read and write
|
||
|
10DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1120000
|
heap
|
page read and write
|
||
|
52F0000
|
heap
|
page read and write
|
||
|
1318000
|
direct allocation
|
page execute and read and write
|
||
|
5560000
|
heap
|
page execute and read and write
|
||
|
73A0000
|
trusted library section
|
page read and write
|
||
|
7400000
|
trusted library allocation
|
page read and write
|
||
|
59DE000
|
stack
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
7CFE000
|
stack
|
page read and write
|
||
|
2C4E000
|
stack
|
page read and write
|
||
|
2E70000
|
trusted library allocation
|
page read and write
|
||
|
F40000
|
heap
|
page read and write
|
||
|
7E1D000
|
heap
|
page read and write
|
||
|
2D2E000
|
trusted library allocation
|
page read and write
|
||
|
2F9B000
|
trusted library allocation
|
page read and write
|
||
|
52A0000
|
trusted library allocation
|
page read and write
|
||
|
10C4000
|
trusted library allocation
|
page read and write
|
||
|
10D3000
|
trusted library allocation
|
page read and write
|
||
|
129D000
|
direct allocation
|
page execute and read and write
|
||
|
5291000
|
trusted library allocation
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
5280000
|
trusted library allocation
|
page execute and read and write
|
||
|
579E000
|
heap
|
page read and write
|
||
|
5300000
|
heap
|
page read and write
|
||
|
575D000
|
stack
|
page read and write
|
||
|
2D31000
|
trusted library allocation
|
page read and write
|
||
|
12E2000
|
trusted library allocation
|
page read and write
|
||
|
2D50000
|
trusted library allocation
|
page read and write
|
||
|
12F0000
|
trusted library allocation
|
page read and write
|
||
|
7DFE000
|
stack
|
page read and write
|
||
|
52B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F31000
|
trusted library allocation
|
page read and write
|
||
|
1296000
|
direct allocation
|
page execute and read and write
|
||
|
52D0000
|
trusted library section
|
page readonly
|
||
|
FD0000
|
direct allocation
|
page execute and read and write
|
||
|
10C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
12FB000
|
trusted library allocation
|
page execute and read and write
|
||
|
10C0000
|
trusted library allocation
|
page read and write
|
||
|
91BF000
|
stack
|
page read and write
|
||
|
2F00000
|
heap
|
page read and write
|
||
|
6FB2000
|
trusted library allocation
|
page read and write
|
||
|
7F110000
|
trusted library allocation
|
page execute and read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
2F10000
|
trusted library allocation
|
page read and write
|
||
|
10E0000
|
heap
|
page read and write
|
||
|
5410000
|
trusted library allocation
|
page read and write
|
||
|
A9A000
|
stack
|
page read and write
|
||
|
108E000
|
stack
|
page read and write
|
||
|
758E000
|
stack
|
page read and write
|
||
|
104E000
|
stack
|
page read and write
|
||
|
135E000
|
stack
|
page read and write
|
||
|
12F7000
|
trusted library allocation
|
page execute and read and write
|
||
|
1100000
|
heap
|
page read and write
|
||
|
7F00000
|
trusted library section
|
page read and write
|
||
|
748E000
|
stack
|
page read and write
|
||
|
7390000
|
trusted library allocation
|
page execute and read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
54B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7E18000
|
heap
|
page read and write
|
||
|
10CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
744D000
|
stack
|
page read and write
|
||
|
7E00000
|
heap
|
page read and write
|
||
|
5760000
|
heap
|
page read and write
|
||
|
1185000
|
heap
|
page read and write
|
||
|
2CF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
11AA000
|
heap
|
page read and write
|
||
|
10FD000
|
direct allocation
|
page execute and read and write
|
||
|
7B6E000
|
stack
|
page read and write
|
||
|
1467000
|
heap
|
page read and write
|
||
|
599E000
|
stack
|
page read and write
|
||
|
1174000
|
heap
|
page read and write
|
||
|
9C0000
|
heap
|
page read and write
|
||
|
7CAE000
|
stack
|
page read and write
|
||
|
96C000
|
stack
|
page read and write
|
||
|
2C55000
|
trusted library allocation
|
page read and write
|
||
|
75CE000
|
stack
|
page read and write
|
||
|
A820000
|
trusted library allocation
|
page read and write
|
||
|
5423000
|
heap
|
page read and write
|
||
|
2F31000
|
trusted library allocation
|
page read and write
|
||
|
1281000
|
direct allocation
|
page execute and read and write
|
||
|
54D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
2D00000
|
trusted library allocation
|
page read and write
|
||
|
57B0000
|
heap
|
page read and write
|
||
|
960000
|
unkown
|
page readonly
|
There are 143 hidden memdumps, click here to show them.