Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.PWSX-gen.19616.15130.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_6e6eadf09e5df15c87284984570be6ade3b505d_3dd1b6c9_c1449c3f-c8bc-42d3-b24f-7fff82edf031\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E39.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Mar 29 10:38:01 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E97.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1EF6.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.PWSX-gen.19616.15130.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hcxuavqr.cz5.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lyb2qoej.2zi.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_thsoun34.4li.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tzvvh4of.br4.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 2 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.19616.15130.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.19616.15130.exe"
|
|
|
|
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.19616.15130.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.19616.15130.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.19616.15130.exe"
|
|
|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.19616.15130.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.19616.15130.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 516 -s 200
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
ProgramId
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
FileId
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
LongPathHash
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
Name
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
OriginalFileName
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
Publisher
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
Version
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
BinFileVersion
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
BinaryType
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
ProductName
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
ProductVersion
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
LinkDate
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
BinProductVersion
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
Size
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
Language
|
||
|
\REGISTRY\A\{b67c43de-697a-6918-ddbb-583dbac1eac5}\Root\InventoryApplicationFile\securiteinfo.com|ca502cd4c8d2e74d
|
Usn
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3341000
|
trusted library allocation
|
page read and write
|
|
|
|
74A0000
|
trusted library section
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
57C4000
|
trusted library allocation
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
B1AC000
|
stack
|
page read and write
|
||
|
4691000
|
trusted library allocation
|
page read and write
|
||
|
AB90000
|
heap
|
page read and write
|
||
|
5840000
|
heap
|
page execute and read and write
|
||
|
14EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
5C31000
|
heap
|
page read and write
|
||
|
168D000
|
direct allocation
|
page execute and read and write
|
||
|
5830000
|
trusted library allocation
|
page read and write
|
||
|
14B0000
|
trusted library allocation
|
page read and write
|
||
|
4341000
|
trusted library allocation
|
page read and write
|
||
|
1770000
|
trusted library allocation
|
page read and write
|
||
|
1551000
|
heap
|
page read and write
|
||
|
59D0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13C0000
|
heap
|
page read and write
|
||
|
15D9000
|
heap
|
page read and write
|
||
|
5820000
|
heap
|
page read and write
|
||
|
AF4E000
|
stack
|
page read and write
|
||
|
4349000
|
trusted library allocation
|
page read and write
|
||
|
1544000
|
heap
|
page read and write
|
||
|
B420000
|
trusted library allocation
|
page execute and read and write
|
||
|
57DE000
|
trusted library allocation
|
page read and write
|
||
|
57E6000
|
trusted library allocation
|
page read and write
|
||
|
5950000
|
trusted library allocation
|
page read and write
|
||
|
1740000
|
trusted library allocation
|
page read and write
|
||
|
1020000
|
heap
|
page read and write
|
||
|
1720000
|
trusted library allocation
|
page execute and read and write
|
||
|
1780000
|
trusted library allocation
|
page read and write
|
||
|
1790000
|
heap
|
page read and write
|
||
|
59E0000
|
heap
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
B3EE000
|
stack
|
page read and write
|
||
|
4652000
|
trusted library allocation
|
page read and write
|
||
|
1760000
|
trusted library allocation
|
page read and write
|
||
|
57ED000
|
trusted library allocation
|
page read and write
|
||
|
154F000
|
heap
|
page read and write
|
||
|
599C000
|
stack
|
page read and write
|
||
|
7655000
|
trusted library allocation
|
page read and write
|
||
|
17A0000
|
trusted library allocation
|
page read and write
|
||
|
344B000
|
trusted library allocation
|
page read and write
|
||
|
14E2000
|
trusted library allocation
|
page read and write
|
||
|
1826000
|
direct allocation
|
page execute and read and write
|
||
|
14C3000
|
trusted library allocation
|
page read and write
|
||
|
43E5000
|
trusted library allocation
|
page read and write
|
||
|
5C00000
|
heap
|
page read and write
|
||
|
E5D000
|
stack
|
page read and write
|
||
|
14B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
ACCD000
|
stack
|
page read and write
|
||
|
1733000
|
heap
|
page read and write
|
||
|
1555000
|
heap
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
AB8D000
|
stack
|
page read and write
|
||
|
F22000
|
unkown
|
page readonly
|
||
|
5832000
|
trusted library allocation
|
page read and write
|
||
|
333F000
|
stack
|
page read and write
|
||
|
33AA000
|
trusted library allocation
|
page read and write
|
||
|
15B7000
|
heap
|
page read and write
|
||
|
B2AC000
|
stack
|
page read and write
|
||
|
1730000
|
heap
|
page read and write
|
||
|
547C000
|
stack
|
page read and write
|
||
|
A88F000
|
stack
|
page read and write
|
||
|
338B000
|
trusted library allocation
|
page read and write
|
||
|
14B4000
|
trusted library allocation
|
page read and write
|
||
|
57C0000
|
trusted library allocation
|
page read and write
|
||
|
14D2000
|
trusted library allocation
|
page read and write
|
||
|
14BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1456000
|
heap
|
page read and write
|
||
|
A6CD000
|
stack
|
page read and write
|
||
|
59C0000
|
trusted library allocation
|
page read and write
|
||
|
73A0000
|
heap
|
page read and write
|
||
|
7FBF000
|
stack
|
page read and write
|
||
|
A98F000
|
stack
|
page read and write
|
||
|
AF0E000
|
stack
|
page read and write
|
||
|
5C10000
|
heap
|
page read and write
|
||
|
14C0000
|
trusted library allocation
|
page read and write
|
||
|
18A8000
|
direct allocation
|
page execute and read and write
|
||
|
152F000
|
heap
|
page read and write
|
||
|
1367000
|
stack
|
page read and write
|
||
|
F5D000
|
stack
|
page read and write
|
||
|
ADCE000
|
stack
|
page read and write
|
||
|
7650000
|
trusted library allocation
|
page read and write
|
||
|
75E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5850000
|
trusted library allocation
|
page execute and read and write
|
||
|
1785000
|
trusted library allocation
|
page read and write
|
||
|
1500000
|
trusted library allocation
|
page read and write
|
||
|
1510000
|
heap
|
page read and write
|
||
|
1560000
|
direct allocation
|
page execute and read and write
|
||
|
75D0000
|
trusted library section
|
page read and write
|
||
|
16FE000
|
direct allocation
|
page execute and read and write
|
||
|
14CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
4FCB000
|
trusted library allocation
|
page read and write
|
||
|
14E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
151E000
|
heap
|
page read and write
|
||
|
4433000
|
trusted library allocation
|
page read and write
|
||
|
74EE000
|
heap
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
57CB000
|
trusted library allocation
|
page read and write
|
||
|
7EBE000
|
stack
|
page read and write
|
||
|
ABAA000
|
heap
|
page read and write
|
||
|
B2EE000
|
stack
|
page read and write
|
||
|
126A000
|
stack
|
page read and write
|
||
|
14E0000
|
trusted library allocation
|
page read and write
|
||
|
74CE000
|
heap
|
page read and write
|
||
|
F20000
|
unkown
|
page readonly
|
||
|
AE0E000
|
stack
|
page read and write
|
||
|
769E000
|
stack
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
1797000
|
heap
|
page read and write
|
||
|
9067000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
537B000
|
stack
|
page read and write
|
||
|
18DE000
|
stack
|
page read and write
|
||
|
59A0000
|
heap
|
page read and write
|
||
|
5890000
|
trusted library section
|
page readonly
|
||
|
AA8E000
|
stack
|
page read and write
|
||
|
57E1000
|
trusted library allocation
|
page read and write
|
||
|
451E000
|
trusted library allocation
|
page read and write
|
||
|
57F2000
|
trusted library allocation
|
page read and write
|
||
|
7AA2000
|
trusted library allocation
|
page read and write
|
||
|
19DF000
|
stack
|
page read and write
|
||
|
A68E000
|
stack
|
page read and write
|
||
|
7640000
|
trusted library allocation
|
page read and write
|
||
|
17C0000
|
trusted library allocation
|
page read and write
|
||
|
1689000
|
direct allocation
|
page execute and read and write
|
||
|
59E5000
|
heap
|
page read and write
|
||
|
7FC0000
|
trusted library section
|
page read and write
|
||
|
75C0000
|
trusted library allocation
|
page read and write
|
||
|
750B000
|
heap
|
page read and write
|
||
|
74C0000
|
heap
|
page read and write
|
||
|
A6D0000
|
heap
|
page read and write
|
||
|
14D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
171E000
|
stack
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
15C3000
|
heap
|
page read and write
|
||
|
14DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
7600000
|
trusted library allocation
|
page execute and read and write
|
||
|
141E000
|
stack
|
page read and write
|
||
|
5BFE000
|
stack
|
page read and write
|
||
|
B04F000
|
stack
|
page read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
182D000
|
direct allocation
|
page execute and read and write
|
||
|
5860000
|
trusted library allocation
|
page execute and read and write
|
||
|
59B0000
|
trusted library allocation
|
page read and write
|
||
|
31FE000
|
stack
|
page read and write
|
||
|
4397000
|
trusted library allocation
|
page read and write
|
||
|
1811000
|
direct allocation
|
page execute and read and write
|
||
|
17D0000
|
heap
|
page read and write
|
||
|
1750000
|
heap
|
page execute and read and write
|
||
|
5A00000
|
heap
|
page read and write
|
||
|
31BE000
|
stack
|
page read and write
|
||
|
1537000
|
heap
|
page read and write
|
||
|
1598000
|
heap
|
page read and write
|
||
|
149E000
|
stack
|
page read and write
|
||
|
92FE000
|
stack
|
page read and write
|
||
|
5940000
|
heap
|
page read and write
|
||
|
75F0000
|
trusted library allocation
|
page read and write
|
There are 150 hidden memdumps, click here to show them.