Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe
|
PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_5ebb57bd92d22f78fe98373a7ac393ea4d1fd2_e15faf63_4c96da8a-481f-4c37-9b32-0f3fff7b9979\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1262.tmp.dmp
|
Mini DuMP crash report, 15 streams, Fri Mar 29 13:23:52 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER14A5.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER14C5.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\freebl3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\mozglue.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\msvcp140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\nss3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\softokn3.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\sqlite3.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\vcruntime140.dll
|
PE32 executable (DLL) (console) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 3 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe
|
"C:\Users\user\Desktop\SecuriteInfo.com.Win32.TrojanX-gen.18137.22438.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 992
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://89.238.170.230:80
|
|
||
|
http://89.238.170.230/
|
89.238.170.230
|
|
|
|
http://upx.sf.net
|
unknown
|
||
|
http://www.mozilla.com/en-US/blocklist/
|
unknown
|
||
|
http://89.238.170.230/m
|
unknown
|
||
|
https://mozilla.org0
|
unknown
|
||
|
http://89.238.170.230/w
|
unknown
|
||
|
http://www.sqlite.org/copyright.html.
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
89.238.170.230
|
unknown
|
United Kingdom
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
ProgramId
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
FileId
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
LongPathHash
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
Name
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
OriginalFileName
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
Publisher
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
Version
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
BinFileVersion
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
BinaryType
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
ProductName
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
ProductVersion
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
LinkDate
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
BinProductVersion
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
Size
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
Language
|
||
|
\REGISTRY\A\{2ad23d17-12eb-678a-dd98-30ad4b6444da}\Root\InventoryApplicationFile\securiteinfo.com|e0947cfefea10c17
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
31E6000
|
trusted library allocation
|
page read and write
|
|
|
|
1586000
|
heap
|
page read and write
|
|
|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
1663000
|
trusted library allocation
|
page execute and read and write
|
||
|
FF0000
|
heap
|
page read and write
|
||
|
2F9B000
|
trusted library allocation
|
page execute and read and write
|
||
|
17BF000
|
stack
|
page read and write
|
||
|
3A8F000
|
stack
|
page read and write
|
||
|
1455000
|
heap
|
page read and write
|
||
|
1670000
|
heap
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
3070000
|
heap
|
page execute and read and write
|
||
|
15B2000
|
heap
|
page read and write
|
||
|
1410000
|
heap
|
page read and write
|
||
|
5B9E000
|
stack
|
page read and write
|
||
|
2F90000
|
trusted library allocation
|
page read and write
|
||
|
349D000
|
stack
|
page read and write
|
||
|
153A000
|
heap
|
page read and write
|
||
|
141A000
|
heap
|
page read and write
|
||
|
1561000
|
heap
|
page read and write
|
||
|
143C000
|
heap
|
page read and write
|
||
|
30D0000
|
heap
|
page read and write
|
||
|
31E1000
|
trusted library allocation
|
page read and write
|
||
|
154E000
|
stack
|
page read and write
|
||
|
3040000
|
trusted library allocation
|
page execute and read and write
|
||
|
3264000
|
trusted library allocation
|
page read and write
|
||
|
1497000
|
heap
|
page read and write
|
||
|
14FC000
|
stack
|
page read and write
|
||
|
12FA000
|
stack
|
page read and write
|
||
|
1664000
|
trusted library allocation
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
F7C000
|
stack
|
page read and write
|
||
|
17C0000
|
trusted library allocation
|
page read and write
|
||
|
13D0000
|
heap
|
page read and write
|
||
|
5A5F000
|
stack
|
page read and write
|
||
|
15AD000
|
heap
|
page read and write
|
||
|
141E000
|
heap
|
page read and write
|
||
|
359E000
|
stack
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
384E000
|
stack
|
page read and write
|
||
|
163E000
|
stack
|
page read and write
|
||
|
1484000
|
heap
|
page read and write
|
||
|
16B0000
|
heap
|
page read and write
|
||
|
537E000
|
stack
|
page read and write
|
||
|
17D0000
|
heap
|
page read and write
|
||
|
398E000
|
stack
|
page read and write
|
||
|
EC2000
|
unkown
|
page readonly
|
||
|
1445000
|
heap
|
page read and write
|
||
|
303D000
|
stack
|
page read and write
|
||
|
164F000
|
stack
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
12FB000
|
stack
|
page read and write
|
||
|
16BE000
|
stack
|
page read and write
|
||
|
1452000
|
heap
|
page read and write
|
||
|
591E000
|
stack
|
page read and write
|
||
|
394F000
|
stack
|
page read and write
|
||
|
158E000
|
heap
|
page read and write
|
||
|
1593000
|
heap
|
page read and write
|
||
|
31E5000
|
trusted library allocation
|
page execute and read and write
|
||
|
1650000
|
trusted library allocation
|
page read and write
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
2FFE000
|
stack
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
57FE000
|
stack
|
page read and write
|
||
|
150A000
|
heap
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
5A9E000
|
stack
|
page read and write
|
||
|
36EE000
|
stack
|
page read and write
|
||
|
3060000
|
trusted library allocation
|
page read and write
|
||
|
37EF000
|
stack
|
page read and write
|
||
|
2FB0000
|
trusted library allocation
|
page read and write
|
||
|
41E1000
|
trusted library allocation
|
page read and write
|
||
|
3050000
|
trusted library allocation
|
page read and write
|
||
|
1500000
|
heap
|
page read and write
|
||
|
F6B000
|
stack
|
page read and write
|
||
|
595E000
|
stack
|
page read and write
|
||
|
EC0000
|
unkown
|
page readonly
|
||
|
5810000
|
heap
|
page execute and read and write
|
||
|
166D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F97000
|
trusted library allocation
|
page execute and read and write
|
||
|
157F000
|
heap
|
page read and write
|
There are 71 hidden memdumps, click here to show them.