Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_49131c5553ab0985a4fdbfde0de9912e33d9061_59192300_01590fdd-3a8c-471d-9264-b257603d8dd9\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER30C.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Jul 2 11:52:21 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER34B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER39B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1co14lln.gjl.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jm2ympui.smm.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kwsfdi3j.jtu.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wn1awjoj.mgy.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.20996.20747.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 200
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 17 hidden URLs, click here to show them.
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
ProgramId
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
FileId
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
LongPathHash
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
Name
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
OriginalFileName
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
Publisher
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
Version
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
BinFileVersion
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
BinaryType
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
ProductName
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
ProductVersion
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
LinkDate
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
BinProductVersion
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
Size
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
Language
|
||
|
\REGISTRY\A\{04370fd6-c7cb-5182-91b8-c2ab147ee907}\Root\InventoryApplicationFile\securiteinfo.com|38eeba662037c4c8
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
137E000
|
direct allocation
|
page execute and read and write
|
||
|
7560000
|
trusted library allocation
|
page execute and read and write
|
||
|
52F0000
|
trusted library allocation
|
page read and write
|
||
|
75AD000
|
stack
|
page read and write
|
||
|
2BC4000
|
trusted library allocation
|
page read and write
|
||
|
50B0000
|
trusted library allocation
|
page read and write
|
||
|
78A0000
|
trusted library allocation
|
page read and write
|
||
|
2982000
|
trusted library allocation
|
page read and write
|
||
|
29FE000
|
stack
|
page read and write
|
||
|
5310000
|
heap
|
page execute and read and write
|
||
|
52D0000
|
heap
|
page read and write
|
||
|
5130000
|
heap
|
page read and write
|
||
|
D37000
|
heap
|
page read and write
|
||
|
5096000
|
trusted library allocation
|
page read and write
|
||
|
55F5000
|
heap
|
page read and write
|
||
|
4D2C000
|
stack
|
page read and write
|
||
|
2950000
|
trusted library allocation
|
page read and write
|
||
|
2C45000
|
trusted library allocation
|
page read and write
|
||
|
2E96000
|
trusted library allocation
|
page read and write
|
||
|
C80000
|
heap
|
page read and write
|
||
|
CF7000
|
stack
|
page read and write
|
||
|
298A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5270000
|
trusted library section
|
page readonly
|
||
|
296D000
|
trusted library allocation
|
page execute and read and write
|
||
|
B10000
|
heap
|
page read and write
|
||
|
2A50000
|
trusted library allocation
|
page execute and read and write
|
||
|
5150000
|
trusted library allocation
|
page execute and read and write
|
||
|
10CCE000
|
stack
|
page read and write
|
||
|
10A8E000
|
stack
|
page read and write
|
||
|
1491000
|
direct allocation
|
page execute and read and write
|
||
|
56FE000
|
stack
|
page read and write
|
||
|
52CB000
|
stack
|
page read and write
|
||
|
52E0000
|
heap
|
page read and write
|
||
|
2963000
|
trusted library allocation
|
page execute and read and write
|
||
|
1094D000
|
stack
|
page read and write
|
||
|
5223000
|
heap
|
page read and write
|
||
|
1067E000
|
stack
|
page read and write
|
||
|
74EE000
|
stack
|
page read and write
|
||
|
50A2000
|
trusted library allocation
|
page read and write
|
||
|
D00000
|
heap
|
page read and write
|
||
|
2B91000
|
trusted library allocation
|
page read and write
|
||
|
5DCE000
|
heap
|
page read and write
|
||
|
F5E000
|
stack
|
page read and write
|
||
|
10B8E000
|
stack
|
page read and write
|
||
|
106BD000
|
stack
|
page read and write
|
||
|
299B000
|
trusted library allocation
|
page execute and read and write
|
||
|
5091000
|
trusted library allocation
|
page read and write
|
||
|
119F000
|
stack
|
page read and write
|
||
|
54A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
109E000
|
stack
|
page read and write
|
||
|
105E000
|
stack
|
page read and write
|
||
|
5070000
|
trusted library allocation
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
D30000
|
heap
|
page read and write
|
||
|
7830000
|
trusted library allocation
|
page read and write
|
||
|
1528000
|
direct allocation
|
page execute and read and write
|
||
|
2992000
|
trusted library allocation
|
page read and write
|
||
|
6EB2000
|
trusted library allocation
|
page read and write
|
||
|
2997000
|
trusted library allocation
|
page execute and read and write
|
||
|
2A00000
|
heap
|
page execute and read and write
|
||
|
3B91000
|
trusted library allocation
|
page read and write
|
||
|
456E000
|
trusted library allocation
|
page read and write
|
||
|
4C20000
|
trusted library allocation
|
page read and write
|
||
|
2A70000
|
trusted library allocation
|
page read and write
|
||
|
7290000
|
heap
|
page read and write
|
||
|
73D8000
|
heap
|
page read and write
|
||
|
760E000
|
stack
|
page read and write
|
||
|
4483000
|
trusted library allocation
|
page read and write
|
||
|
2986000
|
trusted library allocation
|
page execute and read and write
|
||
|
14AD000
|
direct allocation
|
page execute and read and write
|
||
|
EE0D000
|
trusted library allocation
|
page read and write
|
||
|
507B000
|
trusted library allocation
|
page read and write
|
||
|
5140000
|
trusted library allocation
|
page read and write
|
||
|
7AD000
|
stack
|
page read and write
|
||
|
2B8F000
|
stack
|
page read and write
|
||
|
130D000
|
direct allocation
|
page execute and read and write
|
||
|
D50000
|
heap
|
page read and write
|
||
|
7405000
|
heap
|
page read and write
|
||
|
509D000
|
trusted library allocation
|
page read and write
|
||
|
2960000
|
trusted library allocation
|
page read and write
|
||
|
5230000
|
trusted library allocation
|
page read and write
|
||
|
D5E000
|
heap
|
page read and write
|
||
|
5D90000
|
heap
|
page read and write
|
||
|
50F0000
|
trusted library allocation
|
page read and write
|
||
|
14A6000
|
direct allocation
|
page execute and read and write
|
||
|
1057D000
|
stack
|
page read and write
|
||
|
107BE000
|
stack
|
page read and write
|
||
|
29B0000
|
trusted library allocation
|
page read and write
|
||
|
5074000
|
trusted library allocation
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
11E0000
|
direct allocation
|
page execute and read and write
|
||
|
88B0000
|
heap
|
page read and write
|
||
|
5DE0000
|
heap
|
page read and write
|
||
|
74F0000
|
trusted library allocation
|
page read and write
|
||
|
5240000
|
trusted library allocation
|
page execute and read and write
|
||
|
2990000
|
trusted library allocation
|
page read and write
|
||
|
2A80000
|
heap
|
page read and write
|
||
|
10F4C000
|
stack
|
page read and write
|
||
|
55E0000
|
trusted library section
|
page read and write
|
||
|
297D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2970000
|
trusted library allocation
|
page read and write
|
||
|
5200000
|
trusted library allocation
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
50C0000
|
trusted library allocation
|
page read and write
|
||
|
D78000
|
heap
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
5DA0000
|
heap
|
page read and write
|
||
|
1309000
|
direct allocation
|
page execute and read and write
|
||
|
D85000
|
heap
|
page read and write
|
||
|
7500000
|
trusted library section
|
page read and write
|
||
|
3B99000
|
trusted library allocation
|
page read and write
|
||
|
D92000
|
heap
|
page read and write
|
||
|
50D0000
|
trusted library allocation
|
page read and write
|
||
|
2BC2000
|
trusted library allocation
|
page read and write
|
||
|
C70000
|
heap
|
page read and write
|
||
|
7490000
|
trusted library section
|
page read and write
|
||
|
50C5000
|
trusted library allocation
|
page read and write
|
||
|
5280000
|
heap
|
page read and write
|
||
|
7510000
|
trusted library allocation
|
page read and write
|
||
|
DE3000
|
heap
|
page read and write
|
||
|
5142000
|
trusted library allocation
|
page read and write
|
||
|
729E000
|
heap
|
page read and write
|
||
|
508E000
|
trusted library allocation
|
page read and write
|
||
|
5250000
|
trusted library allocation
|
page read and write
|
||
|
9D0000
|
heap
|
page read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
2A4B000
|
stack
|
page read and write
|
||
|
2980000
|
trusted library allocation
|
page read and write
|
||
|
780F000
|
stack
|
page read and write
|
||
|
73B0000
|
heap
|
page read and write
|
||
|
9F0000
|
heap
|
page read and write
|
||
|
832000
|
unkown
|
page readonly
|
||
|
770E000
|
stack
|
page read and write
|
||
|
E22000
|
heap
|
page read and write
|
||
|
2973000
|
trusted library allocation
|
page read and write
|
||
|
55F0000
|
heap
|
page read and write
|
||
|
830000
|
unkown
|
page readonly
|
||
|
10D0E000
|
stack
|
page read and write
|
||
|
4435000
|
trusted library allocation
|
page read and write
|
||
|
D96000
|
heap
|
page read and write
|
||
|
43E7000
|
trusted library allocation
|
page read and write
|
||
|
2A60000
|
trusted library allocation
|
page read and write
|
||
|
10E4B000
|
stack
|
page read and write
|
||
|
10E0E000
|
stack
|
page read and write
|
||
|
10BCE000
|
stack
|
page read and write
|
||
|
7EF60000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C4D000
|
trusted library allocation
|
page read and write
|
||
|
5490000
|
trusted library allocation
|
page execute and read and write
|
||
|
2964000
|
trusted library allocation
|
page read and write
|
||
|
10A4E000
|
stack
|
page read and write
|
||
|
9B5E000
|
stack
|
page read and write
|
||
|
97A000
|
stack
|
page read and write
|
||
|
6E90000
|
trusted library allocation
|
page read and write
|
There are 144 hidden memdumps, click here to show them.