Files
| File Path | Type | Category | Malicious |
|---|---|---|---|
| SecuriteInfo.com.Variant.Lazy.387025.32273.29448.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_627613f0815f1b0ac6215d7e0736b0ea156ae_ac1d7699_60fafedb-d11a-4f30-9cc5-09fce4fd8737\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER4161.tmp.dmp | Mini DuMP crash report, 14 streams, Sat May 4 21:22:53 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER41CF.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER41F0.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |
Processes
| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.387025.32273.29448.exe | "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.387025.32273.29448.exe" | |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 304 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2004,i,933034055865655216,15257279500262609899,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
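Three things in the process list above deserve a rule rather than a glance: RegAsm.exe started with no assembly path (a bare RegAsm does nothing useful, so a bare launch from a user-desktop binary is the usual sign of a hollowed .NET host), WerFault.exe reporting a crash of PID 2088, and Chrome opened on an empty URL (`http:///`). The following is an added example, not part of the sandbox report, that applies those heuristics to the report's command lines. The report does not expose a process tree or PIDs other than the `-p 2088` argument, so the PID-to-image map below is an assumption used only to resolve what WerFault was reporting on.

```python
import re

# Constructed from the report's Processes table. PIDs other than 2088 are
# assumed; the report only reveals 2088 via WerFault's "-p 2088".
PROCESSES = [
    (1001, r'"C:\Users\user\Desktop\SecuriteInfo.com.Variant.Lazy.387025.32273.29448.exe"'),
    (2088, r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"'),
    (2144, r'C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 304'),
    (2300, r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///'),
]

TOKEN = re.compile(r'"[^"]*"|\S+')


def split_cmdline(cmdline):
    """Split a Windows command line into arguments, honouring double quotes."""
    return [t.strip('"') for t in TOKEN.findall(cmdline)]


def image_name(argv0):
    """Lower-cased file name of the executable in argv[0]."""
    return argv0.rsplit("\\", 1)[-1].lower()


def check_regasm(argv):
    """RegAsm.exe is always given an assembly (plus /codebase, /tlb, /unregister...).
    A bare invocation is the hallmark of a hollowed host process."""
    return image_name(argv[0]) == "regasm.exe" and len(argv) == 1


def check_werfault(argv, pid_to_name):
    """Return the image name of the process WerFault.exe is reporting a crash for."""
    if image_name(argv[0]) != "werfault.exe" or "-p" not in argv:
        return None
    pid = int(argv[argv.index("-p") + 1])
    return pid_to_name.get(pid, f"pid {pid}")


def check_empty_url(argv):
    """Browser started with a scheme but no host: the payload opened a URL
    it never populated."""
    return image_name(argv[0]) == "chrome.exe" and any(
        re.fullmatch(r"https?:///?", a) for a in argv[1:])


def triage(processes):
    """Run the three heuristics over (pid, cmdline) rows; return (pid, tag) findings."""
    pid_to_name = {pid: image_name(split_cmdline(c)[0]) for pid, c in processes}
    findings = []
    for pid, cmdline in processes:
        argv = split_cmdline(cmdline)
        if check_regasm(argv):
            findings.append((pid, "regasm_no_args"))
        crashed = check_werfault(argv, pid_to_name)
        if crashed:
            findings.append((pid, f"werfault_for_{crashed}"))
        if check_empty_url(argv):
            findings.append((pid, "browser_empty_url"))
    return findings


if __name__ == "__main__":
    for pid, tag in triage(PROCESSES):
        print(pid, tag)
```

The crash correlation is the useful part: WerFault pointing at the RegAsm PID means the injected payload, not the dropper, fell over, which matches the WER4161.tmp.dmp minidump in the Files table and is the file to open first.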
URLs
| Name | IP | Malicious |
|---|---|---|
| https://www.google.com/async/ddljson?async=ntp:2 | 172.217.12.132 | |
| https://api.ip.sb/ip | unknown | |
| https://www.google.com/async/newtab_promos | 172.217.12.132 | |
| http://upx.sf.net | unknown | |
| https://pastebin.com/raw/KE5Mft0T | 172.67.19.24 | |
| https://play.google.com/log?format=json&hasfast=true&authuser=0 | 142.250.72.142 | |
| https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | 172.217.12.132 | |
| https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | 172.217.12.132 | |
| https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en | | |
Domains
| Name | IP | Malicious |
|---|---|---|
| plus.l.google.com | 172.217.12.142 | |
| www3.l.google.com | 142.250.217.142 | |
| play.google.com | 142.250.72.142 | |
| aifiller.sbs | 116.203.6.63 | |
| www.google.com | 172.217.12.132 | |
| pastebin.com | 172.67.19.24 | |
| ogs.google.com | unknown | |
| apis.google.com | unknown | |
IPs
| IP | Domain | Country | Malicious |
|---|---|---|---|
| 172.217.14.78 | unknown | United States | |
| 192.168.2.4 | unknown | unknown | |
| 142.250.217.142 | www3.l.google.com | United States | |
| 172.217.12.132 | www.google.com | United States | |
| 104.20.4.235 | unknown | United States | |
| 172.67.19.24 | pastebin.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 116.203.6.63 | aifiller.sbs | Germany | |
| 142.250.72.142 | play.google.com | United States | |
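Most of the network rows above are Chrome's own start-up traffic, recorded only because the payload launched the browser; the sandbox's own IP (192.168.2.4) and the SSDP multicast address (239.255.255.250) are local noise, and `upx.sf.net` is the string the UPX stub embeds in every packed binary, not a contact. What is left is an external-IP lookup (api.ip.sb), a raw paste URL, and a DNS resolution of aifiller.sbs with no URL attached. The block below is an added example, not part of the report, that performs that separation over the report's own rows; the allowlist of Google hosts and the "staging" labels are the author's assumptions, and nothing here asserts what the paste or aifiller.sbs actually serves.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed from the report's URLs, Domains and IPs tables (subset).
URLS = [
    "https://www.google.com/async/ddljson?async=ntp:2",
    "https://api.ip.sb/ip",
    "http://upx.sf.net",
    "https://pastebin.com/raw/KE5Mft0T",
    "https://play.google.com/log?format=json&hasfast=true&authuser=0",
]
DOMAINS = {
    "plus.l.google.com": "172.217.12.142",
    "play.google.com": "142.250.72.142",
    "aifiller.sbs": "116.203.6.63",
    "pastebin.com": "172.67.19.24",
    "ogs.google.com": None,          # report: unknown
}
IPS = ["172.217.14.78", "192.168.2.4", "104.20.4.235",
       "239.255.255.250", "116.203.6.63", "172.67.19.24"]

# Assumption: Chrome's new-tab/telemetry traffic. An allowlist of noise, not a verdict.
def is_browser_noise(host):
    return host == "google.com" or host.endswith(".google.com")

# The UPX stub embeds "http://upx.sf.net" in every packed binary; a packer artefact.
PACKER_STRINGS = {"upx.sf.net"}

# Public services that are not C2 themselves but are typical stealer/RAT staging.
STAGING = {"api.ip.sb": "external IP lookup",
           "pastebin.com": "paste-hosted content (not in the report)"}


def classify_host(host):
    if host in PACKER_STRINGS:
        return "packer_string"
    if is_browser_noise(host):
        return "browser_noise"
    if host in STAGING:
        return "staging:" + STAGING[host]
    return "review"


def classify_ip(ip):
    """Private, multicast, loopback, link-local and reserved space is never an IOC."""
    a = ipaddress.ip_address(ip)
    if (a.is_private or a.is_multicast or a.is_loopback
            or a.is_link_local or a.is_reserved):
        return "non-routable"
    return "external"


def triage(urls, domains, ips):
    """Return the hosts an analyst should look at, with the IP the report resolved,
    plus external IPs the report never tied to a name."""
    seen = {}
    for u in urls:
        h = urlsplit(u).hostname or ""
        seen.setdefault(h, classify_host(h))
    for d in domains:
        seen.setdefault(d, classify_host(d))
    candidates = [(h, domains.get(h), tag) for h, tag in sorted(seen.items())
                  if tag not in ("browser_noise", "packer_string")]
    named = {ip for ip in domains.values() if ip}
    orphan_ips = [ip for ip in ips
                  if classify_ip(ip) == "external" and ip not in named]
    return {"candidates": candidates, "ips_without_name": orphan_ips}


if __name__ == "__main__":
    for row in triage(URLS, DOMAINS, IPS)["candidates"]:
        print(*row)
```

The DNS-only hit on aifiller.sbs is the one to chase: a resolution with no recorded URL usually means the payload opened a raw TCP or TLS session the URL extractor could not label, so the PCAP, not the URL table, is where its traffic will be.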
Registry
| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32 | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32 | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32 | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32 | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32 | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32 | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASAPI32 | FileDirectory | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS | EnableFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS | EnableAutoFileTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS | EnableConsoleTracing | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS | FileTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS | ConsoleTracingMask | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS | MaxFileSize | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegAsm_RASMANCS | FileDirectory | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | ProgramId | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | FileId | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | LowerCaseLongPath | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | LongPathHash | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | Name | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | OriginalFileName | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | Publisher | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | Version | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | BinFileVersion | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | BinaryType | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | ProductName | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | ProductVersion | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | LinkDate | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | BinProductVersion | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | AppxPackageFullName | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | AppxPackageRelativeId | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | Size | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | Language | |
| \REGISTRY\A\{6cc63993-a9e3-09c1-aaf3-af7fe1793886}\Root\InventoryApplicationFile\securiteinfo.com\|8a7716b8efca5a01 | Usn | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData | ClockTimeSeconds | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData | TickCount | |
Memdumps
| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| C05000 | unknown | page read and write | |
| DA0000 | heap | page read and write | |
| DEE000 | stack | page read and write | |
| BF7000 | unknown | page readonly | |
| C21000 | unknown | page readonly | |
| 10FC000 | stack | page read and write | |
| 11D0000 | heap | page read and write | |
| 143E000 | stack | page read and write | |
| C20000 | unknown | page execute and read and write | |
| 130E000 | heap | page read and write | |
| 12DE000 | stack | page read and write | |
| 130A000 | heap | page read and write | |
| BD0000 | unknown | page readonly | |
| D2C000 | stack | page read and write | |
| 153F000 | stack | page read and write | |
| BD0000 | unknown | page readonly | |
| C21000 | unknown | page readonly | |
| C05000 | unknown | page write copy | |
| D90000 | heap | page read and write | |
| 131E000 | heap | page read and write | |
| BD1000 | unknown | page execute read | |
| C02000 | unknown | page read and write | |
| 1300000 | heap | page read and write | |
| BD1000 | unknown | page execute read | |
| BF7000 | unknown | page readonly | |
| C02000 | unknown | page write copy | |
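Two patterns in the memory map above matter more than the rest: the single region that is both writable and executable (C20000, "unknown" type, i.e. private memory rather than an image section), and the run of private pages starting at BD0000 that looks like a PE laid out in memory (read-only headers at BD0000, execute-read code at BD1000, read-only data at BF7000, write-copy data at C02000). Neither is labelled as such by the report; the following added example, not part of the report, encodes both as heuristics over the table's rows. The "manually mapped PE" check is the author's inference and is only a prompt for where to point a dumper.

```python
# Constructed from the report's Memdumps table (subset).
REGIONS = [
    ("C05000", "unknown", "page read and write"),
    ("DA0000", "heap", "page read and write"),
    ("DEE000", "stack", "page read and write"),
    ("BF7000", "unknown", "page readonly"),
    ("C21000", "unknown", "page readonly"),
    ("C20000", "unknown", "page execute and read and write"),
    ("BD0000", "unknown", "page readonly"),
    ("BD1000", "unknown", "page execute read"),
    ("C02000", "unknown", "page read and write"),
    ("C05000", "unknown", "page write copy"),
]


def parse_protect(text):
    """Map the sandbox's prose protection string to a set of r/w/x flags.
    Write-copy pages count as writable: a private copy is taken on first write."""
    words = text[len("page "):].replace(" and ", " ").split() if text.startswith("page ") else text.split()
    flags = set()
    for w in words:
        if w in ("read", "readonly"):
            flags.add("r")
        if w in ("write", "copy"):
            flags.add("w")
        if w == "execute":
            flags.add("x")
    return flags


def rank(regions):
    """Score regions by how likely they are to hold unpacked or injected code/data.
    Returns (score, base, reason) tuples, most interesting first."""
    out = []
    for base, kind, prot in regions:
        f = parse_protect(prot)
        if "x" in f and "w" in f:
            out.append((3, base, "RWX: code written at run time (self-modifying or injected)"))
        elif "x" in f and kind == "unknown":
            out.append((2, base, "executable but not image-backed: likely unpacked/injected code"))
        elif "w" in f and kind == "unknown":
            out.append((1, base, "private writable: candidate decrypted config/strings"))
    return sorted(out, reverse=True)


def find_mapped_pe(regions):
    """Heuristic (author's assumption): a private read-only page immediately
    followed by a private execute-read page looks like PE headers followed by
    .text, i.e. an image mapped by hand rather than by the loader."""
    idx = {(int(b, 16), k): parse_protect(p) for b, k, p in regions}
    found = []
    for (base, kind), f in idx.items():
        if kind == "unknown" and f == {"r"} and idx.get((base + 0x1000, "unknown")) == {"r", "x"}:
            found.append(base)
    return sorted(found)


if __name__ == "__main__":
    for score, base, why in rank(REGIONS):
        print(score, base, why)
    print("candidate mapped images:", [hex(b) for b in find_mapped_pe(REGIONS)])
```

Dump the RWX region first and the candidate image second; a manually mapped PE whose section protections were applied correctly will often carve cleanly with its headers intact, which is not true of the RWX blob.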
DOM / HTML
| URL | Malicious |
|---|---|
| https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en | |
| https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en | |
| https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en | |