IOC Report
SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe


Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe | "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe" | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

The conhost.exe entry with "0xffffffff -ForceV1" is the console host that Windows starts for any console-subsystem process; it is listed because the sample is a console application and is not itself an indicator. The sample ran from the user's Desktop without arguments and spawned no further process in this extract.

URLs

Name | IP | Malicious
https://aka.ms/vs/17/release/vc_redist.x64.exe | unknown |
https://gitea.com | unknown |
https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi | unknown |
https://www.nuget.org/packages/Newtonsoft.Json.Bson | unknown |
http://gitea.comd | unknown |
https://aka.ms/vs/17/release/vc_redist.x64.exeiWebView2 | unknown |
http://gitea.com | unknown |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown |
https://aka.ms/vs/16/release/vc_redist.x64.exe#vc_redist.x64.exeiVisual | unknown |
http://james.newtonking.com/projects/json | unknown |
https://www.newtonsoft.com/jsonschema | unknown |
https://gitea.com/quiving/Solara/raw/branch/main/Files/endpoint | 18.166.250.135 |
(2 further URLs are not shown in this extract.)

The IP column is "unknown" for every URL except the last, so the gitea.com raw-file URL is the only one the sandbox saw resolved during analysis. Three entries ("http://gitea.comd", "...vc_redist.x64.exeiWebView2" and "...exe#vc_redist.x64.exeiVisual") are string-extraction artifacts in which adjacent strings inside the binary were read as one URL; they are not distinct indicators. The vc_redist, Node.js, NuGet, Newtonsoft and schemas.xmlsoap.org entries are installer and library references embedded in the executable (the schemas.xmlsoap.org URI is the .NET ClaimTypes.Name constant, and the newtonsoft.com and james.newtonking.com links are the Json.NET project pages), which is consistent with a .NET binary bundling Newtonsoft.Json; they should not be blocked or used for attribution.

Domains

Name | IP | Malicious
gitea.com | 18.166.250.135 |

gitea.com is a public, shared code-hosting service, so the bare domain is a weak indicator that will also match legitimate traffic; the repository path in the URL above (quiving/Solara/raw/branch/main/Files/endpoint) is the specific one.

IPs

IP | Domain | Country | Malicious
18.166.250.135 | gitea.com | United States |

This is the address gitea.com resolved to at analysis time. For a shared hosting service it can change, so it is better treated as context for the domain and URL than as a standalone block-list entry.
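Triage of the URL, domain and IP tables above, written as an added example that is not part of the sandbox report: it separates the run-on string-extraction artifacts from genuine URLs, splits the remaining hosts into high- and low-signal sets, and matches the high-signal ones against proxy log lines. The log lines are constructed, and the LOW_SIGNAL_HOSTS split, the log format and the function names are assumptions made for the example.

```python
"""Triage the URL/domain/IP indicators from the report above and hunt for them.

Added example, not part of the sandbox report. The proxy log lines are
constructed, and the LOW_SIGNAL_HOSTS split is analyst judgment (assumption).
"""
import re
from urllib.parse import urlsplit

# URLs exactly as they appear in the report's URL table.
REPORT_URLS = [
    "https://aka.ms/vs/17/release/vc_redist.x64.exe",
    "https://gitea.com",
    "https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi",
    "https://www.nuget.org/packages/Newtonsoft.Json.Bson",
    "http://gitea.comd",
    "https://aka.ms/vs/17/release/vc_redist.x64.exeiWebView2",
    "http://gitea.com",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "https://aka.ms/vs/16/release/vc_redist.x64.exe#vc_redist.x64.exeiVisual",
    "http://james.newtonking.com/projects/json",
    "https://www.newtonsoft.com/jsonschema",
    "https://gitea.com/quiving/Solara/raw/branch/main/Files/endpoint",
]
REPORT_IPS = {"18.166.250.135"}

# Vendor download / library pages embedded in the binary rather than contacted
# infrastructure (assumption: treat as low signal, do not block on them).
LOW_SIGNAL_HOSTS = {
    "aka.ms", "www.nodejs.org", "www.nuget.org", "schemas.xmlsoap.org",
    "james.newtonking.com", "www.newtonsoft.com",
}

# A file extension immediately followed by a letter ("...exeiWebView2") is a
# tell-tale of two adjacent strings having been read as one.
_RUN_ON = re.compile(r"\.(?:exe|msi|dll)[A-Za-z]", re.IGNORECASE)


def artifact_of(url, candidates):
    """Return the clean URL that `url` is a run-on of, or None if it looks genuine.

    Rule 1: `url` extends another listed URL and the extra text does not start
    with a path/query/fragment delimiter ("http://gitea.comd" -> "http://gitea.com").
    Rule 2: an extension is followed directly by a letter; cut there and drop any
    fragment ("...exe#vc_redist.x64.exeiVisual" -> "...vc_redist.x64.exe").
    """
    for base in candidates:
        if url != base and url.startswith(base) and url[len(base)] not in "/?#":
            return base
    m = _RUN_ON.search(url)
    if m:
        return url[: m.end() - 1].split("#")[0]
    return None


def triage(urls=REPORT_URLS):
    """Map artifacts to their clean form and split hosts by signal strength."""
    artifacts, hosts = {}, set()
    for u in urls:
        base = artifact_of(u, urls)
        if base:
            artifacts[u] = base
            u = base
        hosts.add(urlsplit(u).hostname)
    return {
        "artifacts": artifacts,
        "high_signal": hosts - LOW_SIGNAL_HOSTS,
        "low_signal": hosts & LOW_SIGNAL_HOSTS,
    }


# Constructed proxy log: "<timestamp> <client> <method> <target> <status>".
PROXY_LOG = """\
2024-05-01T10:02:11Z 10.0.0.5 GET https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi 200
2024-05-01T10:02:19Z 10.0.0.5 GET https://gitea.com/quiving/Solara/raw/branch/main/Files/endpoint 200
2024-05-01T10:03:40Z 10.0.0.7 GET https://example.org/index.html 200
2024-05-01T10:04:02Z 10.0.0.5 CONNECT 18.166.250.135:443 200
"""
_LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<target>\S+) (?P<status>\d+)$")


def hunt(log_text, hosts, ips):
    """Return (timestamp, client, indicator) for each log line touching an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = _LOG_LINE.match(line)
        if not m:
            continue
        target = m["target"]
        # GET lines carry a full URL; CONNECT lines carry host:port.
        host = urlsplit(target).hostname if "://" in target else target.rsplit(":", 1)[0]
        if host in hosts or host in ips:
            hits.append((m["ts"], m["src"], host))
    return hits


if __name__ == "__main__":
    result = triage()
    for bad, good in result["artifacts"].items():
        print(f"artifact: {bad} -> {good}")
    print("high-signal hosts:", sorted(result["high_signal"]))
    for hit in hunt(PROXY_LOG, result["high_signal"], REPORT_IPS):
        print("hit:", hit)
```

Run stand-alone it reports the three artifacts, leaves gitea.com as the only high-signal host, and flags the two constructed log lines that touch gitea.com or 18.166.250.135 while ignoring the Node.js installer download. The artifact rule deliberately keeps the clean form rather than discarding the entry, so the count of distinct hosts stays honest.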

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32 | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32 | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32 | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32 | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32 | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32 | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32 | FileDirectory |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASMANCS | FileDirectory |
(5 further registry entries are not shown in this extract.)

The <name>_RASAPI32 and <name>_RASMANCS keys under Microsoft\Tracing are created by the RAS tracing facility of Windows itself when a process loads the RAS client libraries, which the common Windows HTTP stacks do on first network use; <name> is derived from the image file name (here "SecuriteInfo", the executable's name cut at the first dot). They show that the sample initialised a networking API, consistent with the gitea.com request above, but they are not a persistence mechanism and the values are not attacker-controlled. The WOW6432Node path means the sample ran as a 32-bit process on 64-bit Windows.
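A detection for the tracing keys above, added here as an example and not part of the sandbox report: it evaluates Sysmon-style registry events (constructed for the example) and flags a <name>_RASAPI32 / <name>_RASMANCS key whose <name> ties it to an image that ran from a user-writable folder, exactly the pattern in this report. The event field names, the folder list and the function names are assumptions.

```python
"""Hunt for RAS tracing keys created by executables in user-writable folders.

Added detection example, not part of the sandbox report. The Sysmon-style
events (EventID 12 = key create, 13 = value set; TargetObject; Image) are
constructed, and the list of "user-writable" folders is an assumption.
"""
import re
from pathlib import PureWindowsPath

# Windows writes HKLM\SOFTWARE\[WOW6432Node\]Microsoft\Tracing\<name>_RASAPI32
# and <name>_RASMANCS when a process loads the RAS client libraries. <name>
# comes from the image file name; in the report above
# "SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe" became "SecuriteInfo",
# i.e. the name is cut at the first dot.
_TRACING_KEY = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Tracing\\"
    r"(?P<name>[^\\]+)_(?:RASAPI32|RASMANCS)(?:\\|$)",
    re.IGNORECASE,
)

# Folders a legitimate RAS/HTTP client rarely runs from (assumption; baseline
# before alerting, since user-installed apps under AppData will also trip this).
_USER_WRITABLE = re.compile(
    r"^[A-Z]:\\Users\\[^\\]+\\(?:Desktop|Downloads|AppData\\Local\\Temp)\\", re.IGNORECASE
)


def tracing_name(image_path):
    """Derive the <name> Windows uses for the tracing key from an image path."""
    return PureWindowsPath(image_path).name.split(".")[0]


def is_suspicious(event):
    """True for a tracing-key event whose <name> ties it to an image in a user folder."""
    if event.get("EventID") not in (12, 13):
        return False
    m = _TRACING_KEY.match(event.get("TargetObject", ""))
    if not m:
        return False
    image = event.get("Image", "")
    # Require the key name to match the image so an unrelated process writing
    # under Tracing (an installer, for instance) is not attributed to this binary.
    return m["name"].lower() == tracing_name(image).lower() and bool(_USER_WRITABLE.match(image))


def hunt(events):
    """Return the subset of events that is_suspicious() flags."""
    return [e for e in events if is_suspicious(e)]


# Constructed events: the report's sample, a benign program, and an unrelated key.
EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe",
     "TargetObject": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Tracing\SecuriteInfo_RASAPI32\EnableFileTracing"},
    {"EventID": 12,
     "Image": r"C:\Program Files\Contoso\updater.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Tracing\updater_RASMANCS"},
    {"EventID": 13,
     "Image": r"C:\Users\user\Desktop\SecuriteInfo.com.Variant.Cerbu.210262.1524.886.exe",
     "TargetObject": r"HKCU\Software\Classes\.txt\(Default)"},
]

if __name__ == "__main__":
    for e in hunt(EVENTS):
        print("suspicious:", e["Image"], "->", e["TargetObject"])
```

The name match is the important part: the tracing key itself is benign Windows behaviour, so the rule only becomes useful when the key name is tied back to an image path, and the path is what decides whether it is worth a look.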

Memdumps

Base Address | Regiontype | Protect | Malicious
DB7000 | trusted library allocation | page read and write |
BFD000 | trusted library allocation | page execute and read and write |
5ACE000 | stack | page read and write |
D77000 | trusted library allocation | page execute and read and write |
DB0000 | trusted library allocation | page read and write |
790000 | heap | page read and write |
1090000 | trusted library allocation | page read and write |
5D8E000 | stack | page read and write |
C00000 | heap | page read and write |
103E000 | stack | page read and write |
BF3000 | trusted library allocation | page execute and read and write |
D72000 | trusted library allocation | page read and write |
298F000 | stack | page read and write |
DB4000 | trusted library allocation | page read and write |
2A0A000 | trusted library allocation | page read and write |
4EEE000 | stack | page read and write |
E02000 | heap | page read and write |
3991000 | trusted library allocation | page read and write |
2A2E000 | trusted library allocation | page read and write |
4FAE000 | stack | page read and write |
5E8F000 | stack | page read and write |
AF9000 | stack | page read and write |
FF0000 | heap | page execute and read and write |
D53000 | trusted library allocation | page read and write |
53FE000 | stack | page read and write |
DA0000 | trusted library allocation | page execute and read and write |
DCE000 | heap | page read and write |
DC0000 | heap | page read and write |
4EA5000 | trusted library allocation | page read and write |
FE6000 | trusted library allocation | page read and write |
2A11000 | trusted library allocation | page read and write |
10B0000 | heap | page read and write |
2A20000 | trusted library allocation | page read and write |
2991000 | trusted library allocation | page read and write |
BF4000 | trusted library allocation | page read and write |
4FB0000 | heap | page execute and read and write |
D67000 | trusted library allocation | page execute and read and write |
5B0E000 | stack | page read and write |
E79000 | heap | page read and write |
EAE000 | heap | page read and write |
5C0E000 | stack | page read and write |
4F6D000 | stack | page read and write |
DE7000 | heap | page read and write |
D7B000 | trusted library allocation | page execute and read and write |
5E90000 | heap | page read and write |
1270000 | heap | page read and write |
71C000 | stack | page read and write |
DCA000 | heap | page read and write |
5FCE000 | stack | page read and write |
5D4E000 | stack | page read and write |
4E7E000 | trusted library allocation | page read and write |
5C2000 | unknown | page readonly |
DBA000 | trusted library allocation | page read and write |
5C4E000 | stack | page read and write |
1080000 | heap | page read and write |
3997000 | trusted library allocation | page read and write |
BE0000 | trusted library allocation | page read and write |
2A32000 | trusted library allocation | page read and write |
E05000 | heap | page read and write |
107E000 | stack | page read and write |
E68000 | heap | page read and write |
52FF000 | stack | page read and write |
5C0000 | unknown | page readonly |
DF4000 | heap | page read and write |
FC0000 | trusted library allocation | page read and write |
780000 | heap | page read and write |
60CF000 | stack | page read and write |
68A000 | unknown | page readonly |
FE0000 | trusted library allocation | page read and write |
D6A000 | trusted library allocation | page execute and read and write |
4B2E000 | stack | page read and write |
51FE000 | stack | page read and write |
4F2E000 | stack | page read and write |
E4D000 | heap | page read and write |
(64 further memdumps are not shown in this extract.)

Base addresses are hexadecimal and the "Malicious" column is empty for every region in this extract. Nine regions are "page execute and read and write" (seven tagged "trusted library allocation", two heap); writable-and-executable memory is where runtime-generated or unpacked code ends up, so those nine are the regions to pull first when dumping the process for further analysis.