Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_EDAQWHMNKLNXLSNR_8b24eb2be798293617edfc3ae28e8195bbcef6a_625cde3f_527febad-8d3b-40ad-9255-90c8b06da50a\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERF177.tmp.dmp | Mini DuMP crash report, 15 streams, Thu Apr 18 00:37:40 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERF262.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERF2E0.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |
| \Device\ConDrv | Non-ISO extended-ASCII text, with CRLF line terminators | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe | "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.PackedNET.2210.22049.14408.exe" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 924 | |
URLs

| Name | IP | Malicious |
|---|---|---|
| http://upx.sf.net | unknown | |
Registry

| Path | Value | Malicious |
|---|---|---|
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | ProgramId | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | FileId | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | LowerCaseLongPath | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | LongPathHash | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | Name | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | OriginalFileName | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | Publisher | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | Version | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | BinFileVersion | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | BinaryType | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | ProductName | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | ProductVersion | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | LinkDate | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | BinProductVersion | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | AppxPackageFullName | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | AppxPackageRelativeId | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | Size | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | Language | |
| \REGISTRY\A\{2efb44af-0211-a8d0-fb5d-17beb26784bf}\Root\InventoryApplicationFile\securiteinfo.com\|be680a77d22bd807 | Usn | |

9 further registry entries are not shown.
Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 2CA1000 | trusted library allocation | page read and write | |
| 1031000 | heap | page read and write | |
| 2A5B000 | trusted library allocation | page execute and read and write | |
| F8E000 | heap | page read and write | |
| 5350000 | trusted library allocation | page execute and read and write | |
| F70000 | trusted library allocation | page read and write | |
| FB6000 | heap | page read and write | |
| F80000 | heap | page read and write | |
| 2ABE000 | stack | page read and write | |
| 3CA1000 | trusted library allocation | page read and write | |
| 2D53000 | trusted library allocation | page read and write | |
| EDE000 | stack | page read and write | |
| F6D000 | trusted library allocation | page execute and read and write | |
| E90000 | heap | page read and write | |
| E80000 | heap | page read and write | |
| 980000 | unknown | page readonly | |
| F1E000 | stack | page read and write | |
| 52FE000 | stack | page read and write | |
| 1190000 | heap | page read and write | |
| 2C40000 | trusted library allocation | page read and write | |
| 118A000 | trusted library allocation | page execute and read and write | |
| 129E000 | stack | page read and write | |
| 2C90000 | heap | page execute and read and write | |
| 2BFE000 | stack | page read and write | |
| 5310000 | heap | page execute and read and write | |
| 51BE000 | stack | page read and write | |
| C3C000 | stack | page read and write | |
| FF3000 | heap | page read and write | |
| 12A0000 | heap | page read and write | |
| F8A000 | heap | page read and write | |
| 2AD0000 | heap | page read and write | |
| DA0000 | heap | page read and write | |
| 31A8000 | trusted library allocation | page read and write | |
| 2AC0000 | trusted library allocation | page execute and read and write | |
| 2AF0000 | heap | page read and write | |
| 2C3E000 | stack | page read and write | |
| F64000 | trusted library allocation | page read and write | |
| 982000 | unknown | page readonly | |
| 2A50000 | trusted library allocation | page read and write | |
| 54D0000 | heap | page read and write | |
| FAE000 | heap | page read and write | |
| F63000 | trusted library allocation | page execute and read and write | |
| 52BF000 | stack | page read and write | |
| 2C50000 | trusted library allocation | page read and write | |
| D34000 | stack | page read and write | |
| 545E000 | stack | page read and write | |
| 2A57000 | trusted library allocation | page execute and read and write | |
| FA9000 | heap | page read and write | |
| E96000 | heap | page read and write | |
| 117F000 | stack | page read and write | |
| FC3000 | heap | page read and write | |
| 2A70000 | trusted library allocation | page read and write | |
| 4E3D000 | stack | page read and write | |
| 2CDA000 | trusted library allocation | page read and write | |
| F50000 | trusted library allocation | page read and write | |

45 further memdumps are not shown.