Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_2629692fb444ff323da5747cc7838fca5f03cc_69b6eaaf_091d48ae-1c20-48f9-af73-92210d077bff\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA3E4.tmp.dmp
|
Mini DuMP crash report, 14 streams, Tue Oct 29 15:34:31 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA433.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA4B1.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3yvixdhm.kad.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_exfxrjgb.vdo.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kdo5bcnf.dck.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ngiebfdp.uf5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.3095.6094.2443.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 196
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
bg.microsoft.map.fastly.net
|
199.232.214.172
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
ProgramId
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
FileId
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
LongPathHash
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
Name
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
OriginalFileName
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
Publisher
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
Version
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
BinFileVersion
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
BinaryType
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
ProductName
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
ProductVersion
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
LinkDate
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
BinProductVersion
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
Size
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
Language
|
||
|
\REGISTRY\A\{64d947ce-c966-46da-4a61-54208288d79e}\Root\InventoryApplicationFile\securiteinfo.com|e310f4c23ef523a5
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
00188010F874E35A
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
There are 13 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
EB4C000
|
stack
|
page read and write
|
||
|
6CE000
|
stack
|
page read and write
|
||
|
3441000
|
trusted library allocation
|
page read and write
|
||
|
2370000
|
trusted library allocation
|
page read and write
|
||
|
4E50000
|
trusted library allocation
|
page read and write
|
||
|
E26E000
|
stack
|
page read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
6D2000
|
trusted library allocation
|
page read and write
|
||
|
56D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4990000
|
trusted library allocation
|
page read and write
|
||
|
7340000
|
heap
|
page read and write
|
||
|
AFE0000
|
trusted library section
|
page read and write
|
||
|
8FE000
|
stack
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
1421000
|
direct allocation
|
page execute and read and write
|
||
|
348B000
|
trusted library allocation
|
page read and write
|
||
|
4950000
|
heap
|
page execute and read and write
|
||
|
E10000
|
heap
|
page read and write
|
||
|
3449000
|
trusted library allocation
|
page read and write
|
||
|
4A60000
|
trusted library allocation
|
page read and write
|
||
|
671C000
|
heap
|
page read and write
|
||
|
553000
|
trusted library allocation
|
page execute and read and write
|
||
|
3C99000
|
trusted library allocation
|
page read and write
|
||
|
6D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2420000
|
trusted library allocation
|
page read and write
|
||
|
E78F000
|
stack
|
page read and write
|
||
|
23B0000
|
trusted library allocation
|
page read and write
|
||
|
143D000
|
direct allocation
|
page execute and read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
68E000
|
stack
|
page read and write
|
||
|
2360000
|
trusted library allocation
|
page execute and read and write
|
||
|
6728000
|
heap
|
page read and write
|
||
|
694E000
|
stack
|
page read and write
|
||
|
1299000
|
direct allocation
|
page execute and read and write
|
||
|
7F6000
|
heap
|
page read and write
|
||
|
23D1000
|
trusted library allocation
|
page read and write
|
||
|
4C90000
|
heap
|
page read and write
|
||
|
23F0000
|
trusted library allocation
|
page read and write
|
||
|
AB7000
|
heap
|
page read and write
|
||
|
23CE000
|
trusted library allocation
|
page read and write
|
||
|
AC9E000
|
stack
|
page read and write
|
||
|
4E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
E7CE000
|
stack
|
page read and write
|
||
|
66F0000
|
trusted library allocation
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
6B00000
|
trusted library allocation
|
page execute and read and write
|
||
|
6AE0000
|
trusted library allocation
|
page read and write
|
||
|
6763000
|
heap
|
page read and write
|
||
|
EA0F000
|
stack
|
page read and write
|
||
|
677E000
|
heap
|
page read and write
|
||
|
245B000
|
trusted library allocation
|
page read and write
|
||
|
A4E000
|
stack
|
page read and write
|
||
|
E64F000
|
stack
|
page read and write
|
||
|
4976000
|
trusted library allocation
|
page read and write
|
||
|
554000
|
trusted library allocation
|
page read and write
|
||
|
23F5000
|
trusted library allocation
|
page read and write
|
||
|
E16E000
|
stack
|
page read and write
|
||
|
18A000
|
stack
|
page read and write
|
||
|
6DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
560000
|
trusted library allocation
|
page read and write
|
||
|
2430000
|
heap
|
page read and write
|
||
|
576000
|
heap
|
page read and write
|
||
|
235E000
|
stack
|
page read and write
|
||
|
6AF0000
|
trusted library allocation
|
page read and write
|
||
|
AFC000
|
stack
|
page read and write
|
||
|
4F7E000
|
heap
|
page read and write
|
||
|
6EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
4448000
|
trusted library allocation
|
page read and write
|
||
|
3CDC000
|
trusted library allocation
|
page read and write
|
||
|
4E3E000
|
stack
|
page read and write
|
||
|
78C000
|
stack
|
page read and write
|
||
|
66C0000
|
trusted library allocation
|
page read and write
|
||
|
49B0000
|
trusted library allocation
|
page read and write
|
||
|
7E0000
|
heap
|
page read and write
|
||
|
712F000
|
stack
|
page read and write
|
||
|
752E000
|
stack
|
page read and write
|
||
|
6710000
|
heap
|
page read and write
|
||
|
E50E000
|
stack
|
page read and write
|
||
|
A8C000
|
stack
|
page read and write
|
||
|
7F300000
|
trusted library allocation
|
page execute and read and write
|
||
|
743000
|
heap
|
page read and write
|
||
|
30000
|
unkown
|
page readonly
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
E68E000
|
stack
|
page read and write
|
||
|
45DC000
|
stack
|
page read and write
|
||
|
4970000
|
trusted library allocation
|
page read and write
|
||
|
25E0000
|
trusted library allocation
|
page read and write
|
||
|
66D0000
|
trusted library section
|
page read and write
|
||
|
6C52000
|
trusted library allocation
|
page read and write
|
||
|
26C4000
|
trusted library allocation
|
page read and write
|
||
|
4ACB000
|
stack
|
page read and write
|
||
|
23BB000
|
trusted library allocation
|
page read and write
|
||
|
6A10000
|
trusted library allocation
|
page execute and read and write
|
||
|
700000
|
heap
|
page read and write
|
||
|
32000
|
unkown
|
page readonly
|
||
|
6720000
|
heap
|
page read and write
|
||
|
6B4D000
|
stack
|
page read and write
|
||
|
6ADD000
|
stack
|
page read and write
|
||
|
677A000
|
heap
|
page read and write
|
||
|
4E65000
|
heap
|
page read and write
|
||
|
6A9D000
|
stack
|
page read and write
|
||
|
1170000
|
direct allocation
|
page execute and read and write
|
||
|
EE000
|
unkown
|
page readonly
|
||
|
E8CE000
|
stack
|
page read and write
|
||
|
4960000
|
heap
|
page read and write
|
||
|
6E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
14B8000
|
direct allocation
|
page execute and read and write
|
||
|
4F7000
|
stack
|
page read and write
|
||
|
4AD0000
|
trusted library section
|
page readonly
|
||
|
2441000
|
trusted library allocation
|
page read and write
|
||
|
4EA1000
|
heap
|
page read and write
|
||
|
6D0000
|
trusted library allocation
|
page read and write
|
||
|
4AE3000
|
heap
|
page read and write
|
||
|
23E2000
|
trusted library allocation
|
page read and write
|
||
|
6950000
|
trusted library allocation
|
page read and write
|
||
|
530000
|
heap
|
page read and write
|
||
|
2380000
|
trusted library allocation
|
page read and write
|
||
|
4A70000
|
trusted library allocation
|
page execute and read and write
|
||
|
A90000
|
heap
|
page read and write
|
||
|
4AE0000
|
heap
|
page read and write
|
||
|
4E60000
|
heap
|
page read and write
|
||
|
EA4C000
|
stack
|
page read and write
|
||
|
4980000
|
trusted library allocation
|
page execute and read and write
|
||
|
23D6000
|
trusted library allocation
|
page read and write
|
||
|
9FF000
|
stack
|
page read and write
|
||
|
E54E000
|
stack
|
page read and write
|
||
|
4972000
|
trusted library allocation
|
page read and write
|
||
|
23DD000
|
trusted library allocation
|
page read and write
|
||
|
129D000
|
direct allocation
|
page execute and read and write
|
||
|
70E000
|
heap
|
page read and write
|
||
|
A00000
|
trusted library allocation
|
page read and write
|
||
|
130E000
|
direct allocation
|
page execute and read and write
|
||
|
728000
|
heap
|
page read and write
|
||
|
AD9D000
|
stack
|
page read and write
|
||
|
550000
|
trusted library allocation
|
page read and write
|
||
|
23A0000
|
heap
|
page execute and read and write
|
||
|
1436000
|
direct allocation
|
page execute and read and write
|
||
|
E40D000
|
stack
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
540000
|
trusted library allocation
|
page read and write
|
||
|
4C70000
|
heap
|
page read and write
|
||
|
6700000
|
trusted library allocation
|
page execute and read and write
|
||
|
E90E000
|
stack
|
page read and write
|
||
|
684E000
|
stack
|
page read and write
|
||
|
563000
|
trusted library allocation
|
page read and write
|
||
|
6752000
|
heap
|
page read and write
|
||
|
6A5E000
|
stack
|
page read and write
|
||
|
D10000
|
heap
|
page read and write
|
||
|
6716000
|
heap
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
55D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2400000
|
trusted library allocation
|
page read and write
|
||
|
70B000
|
heap
|
page read and write
|
||
|
747000
|
heap
|
page read and write
|
||
|
735000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
2390000
|
trusted library allocation
|
page read and write
|
There are 149 hidden memdumps, click here to show them.