Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_9ef9adec14cb67e5b93e280a93ea66df0288344_b85c1e09_f7cae732-7d63-4546-9e2f-a521c905854d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAADC.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Oct 23 05:23:07 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB5A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAB9A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_f53wo0an.uor.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mzknhxrs.f1a.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s1a1a0qn.4j4.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wikxdnls.0qy.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12389.27465.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 200
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
ProgramId
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
FileId
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
LongPathHash
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
Name
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
OriginalFileName
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
Publisher
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
Version
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
BinFileVersion
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
BinaryType
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
ProductName
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
ProductVersion
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
LinkDate
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
BinProductVersion
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
Size
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
Language
|
||
|
\REGISTRY\A\{7a5d2bd6-f6a8-b40e-aa64-39481ef10181}\Root\InventoryApplicationFile\securiteinfo.com|d065dff8e30db911
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
There are 13 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
56B2000
|
trusted library allocation
|
page read and write
|
||
|
14C6000
|
trusted library allocation
|
page execute and read and write
|
||
|
15E5000
|
heap
|
page read and write
|
||
|
DCBE000
|
stack
|
page read and write
|
||
|
31B9000
|
trusted library allocation
|
page read and write
|
||
|
14F0000
|
heap
|
page read and write
|
||
|
56A1000
|
trusted library allocation
|
page read and write
|
||
|
14AA000
|
heap
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
5AB0000
|
heap
|
page read and write
|
||
|
5A10000
|
heap
|
page read and write
|
||
|
1526000
|
heap
|
page read and write
|
||
|
14D2000
|
trusted library allocation
|
page read and write
|
||
|
6450000
|
heap
|
page read and write
|
||
|
DA0E000
|
stack
|
page read and write
|
||
|
64D5000
|
heap
|
page read and write
|
||
|
5910000
|
heap
|
page execute and read and write
|
||
|
64A1000
|
heap
|
page read and write
|
||
|
5680000
|
trusted library allocation
|
page read and write
|
||
|
788D000
|
stack
|
page read and write
|
||
|
6444000
|
heap
|
page read and write
|
||
|
3170000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
6550000
|
heap
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
E1AE000
|
stack
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
41A9000
|
trusted library allocation
|
page read and write
|
||
|
16EF000
|
stack
|
page read and write
|
||
|
6587000
|
heap
|
page read and write
|
||
|
145E000
|
stack
|
page read and write
|
||
|
1480000
|
trusted library allocation
|
page read and write
|
||
|
792F000
|
trusted library allocation
|
page read and write
|
||
|
1740000
|
heap
|
page read and write
|
||
|
5AA0000
|
trusted library section
|
page readonly
|
||
|
569E000
|
trusted library allocation
|
page read and write
|
||
|
16F0000
|
trusted library allocation
|
page read and write
|
||
|
810E000
|
stack
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
51A8000
|
trusted library allocation
|
page read and write
|
||
|
1BDD000
|
direct allocation
|
page execute and read and write
|
||
|
56AD000
|
trusted library allocation
|
page read and write
|
||
|
7B70000
|
trusted library section
|
page read and write
|
||
|
14C2000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
820F000
|
stack
|
page read and write
|
||
|
3185000
|
trusted library allocation
|
page read and write
|
||
|
A97D000
|
stack
|
page read and write
|
||
|
6560000
|
heap
|
page read and write
|
||
|
5730000
|
heap
|
page read and write
|
||
|
778D000
|
stack
|
page read and write
|
||
|
5750000
|
trusted library allocation
|
page execute and read and write
|
||
|
7650000
|
heap
|
page read and write
|
||
|
7920000
|
trusted library allocation
|
page read and write
|
||
|
6458000
|
heap
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
49F6000
|
trusted library allocation
|
page read and write
|
||
|
173E000
|
stack
|
page read and write
|
||
|
41A1000
|
trusted library allocation
|
page read and write
|
||
|
568E000
|
trusted library allocation
|
page read and write
|
||
|
5AC0000
|
trusted library allocation
|
page read and write
|
||
|
6440000
|
heap
|
page read and write
|
||
|
635E000
|
stack
|
page read and write
|
||
|
149D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5CA0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1DF8000
|
direct allocation
|
page execute and read and write
|
||
|
1494000
|
trusted library allocation
|
page read and write
|
||
|
E20000
|
unkown
|
page readonly
|
||
|
3160000
|
trusted library allocation
|
page read and write
|
||
|
DDBF000
|
stack
|
page read and write
|
||
|
1C4E000
|
direct allocation
|
page execute and read and write
|
||
|
10CC000
|
stack
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
14D7000
|
trusted library allocation
|
page execute and read and write
|
||
|
F79000
|
stack
|
page read and write
|
||
|
1490000
|
trusted library allocation
|
page read and write
|
||
|
7C3D000
|
stack
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
56A6000
|
trusted library allocation
|
page read and write
|
||
|
14DB000
|
trusted library allocation
|
page execute and read and write
|
||
|
3150000
|
trusted library allocation
|
page read and write
|
||
|
1570000
|
heap
|
page read and write
|
||
|
E32C000
|
stack
|
page read and write
|
||
|
58F0000
|
trusted library allocation
|
page read and write
|
||
|
1AB0000
|
direct allocation
|
page execute and read and write
|
||
|
1D61000
|
direct allocation
|
page execute and read and write
|
||
|
5BEE000
|
stack
|
page read and write
|
||
|
6493000
|
heap
|
page read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
1537000
|
heap
|
page read and write
|
||
|
341A000
|
trusted library allocation
|
page read and write
|
||
|
12F7000
|
stack
|
page read and write
|
||
|
184E000
|
stack
|
page read and write
|
||
|
1740000
|
heap
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
DBBE000
|
stack
|
page read and write
|
||
|
4A31000
|
trusted library allocation
|
page read and write
|
||
|
3100000
|
heap
|
page execute and read and write
|
||
|
314B000
|
stack
|
page read and write
|
||
|
E06E000
|
stack
|
page read and write
|
||
|
A750000
|
heap
|
page read and write
|
||
|
11CC000
|
stack
|
page read and write
|
||
|
E42C000
|
stack
|
page read and write
|
||
|
5760000
|
trusted library allocation
|
page read and write
|
||
|
5A70000
|
trusted library section
|
page read and write
|
||
|
14FB000
|
heap
|
page read and write
|
||
|
568B000
|
trusted library allocation
|
page read and write
|
||
|
1533000
|
heap
|
page read and write
|
||
|
3347000
|
trusted library allocation
|
page read and write
|
||
|
156A000
|
heap
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
56F0000
|
heap
|
page read and write
|
||
|
5A6E000
|
stack
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
30F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
533C000
|
stack
|
page read and write
|
||
|
56E0000
|
trusted library allocation
|
page read and write
|
||
|
5A90000
|
trusted library allocation
|
page execute and read and write
|
||
|
7925000
|
trusted library allocation
|
page read and write
|
||
|
E2EE000
|
stack
|
page read and write
|
||
|
DF6E000
|
stack
|
page read and write
|
||
|
31A1000
|
trusted library allocation
|
page read and write
|
||
|
14FE000
|
heap
|
page read and write
|
||
|
E1EE000
|
stack
|
page read and write
|
||
|
5742000
|
trusted library allocation
|
page read and write
|
||
|
14BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
3180000
|
trusted library allocation
|
page read and write
|
||
|
A87D000
|
stack
|
page read and write
|
||
|
E0AE000
|
stack
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
5AD0000
|
trusted library allocation
|
page read and write
|
||
|
1D7D000
|
direct allocation
|
page execute and read and write
|
||
|
1D76000
|
direct allocation
|
page execute and read and write
|
||
|
14B3000
|
trusted library allocation
|
page read and write
|
||
|
D9CD000
|
stack
|
page read and write
|
||
|
3190000
|
heap
|
page read and write
|
||
|
5790000
|
trusted library allocation
|
page read and write
|
||
|
DDC0000
|
heap
|
page read and write
|
||
|
41E8000
|
trusted library allocation
|
page read and write
|
||
|
A740000
|
heap
|
page read and write
|
||
|
14CA000
|
trusted library allocation
|
page execute and read and write
|
||
|
1493000
|
trusted library allocation
|
page execute and read and write
|
||
|
E22000
|
unkown
|
page readonly
|
||
|
7C72000
|
trusted library allocation
|
page read and write
|
||
|
5684000
|
trusted library allocation
|
page read and write
|
||
|
1BD9000
|
direct allocation
|
page execute and read and write
|
||
|
64DA000
|
heap
|
page read and write
|
||
|
5AE0000
|
heap
|
page read and write
|
||
|
58EB000
|
stack
|
page read and write
|
||
|
56C0000
|
trusted library allocation
|
page read and write
|
||
|
56F3000
|
heap
|
page read and write
|
There are 142 hidden memdumps, click here to show them.