Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 1Gvue8ItW8.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_1Gvue8ItW8.exe_7bc3b5b58e175b56deb741256a6753d5c1f43_7ae6c50f_5aa95db8-f190-41a7-b596-b18fc1c3b665\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERE817.tmp.dmp | Mini DuMP crash report, 14 streams, Tue Jul 2 04:41:00 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERE866.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WERE8B5.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\1Gvue8ItW8.exe | "C:\Users\user\Desktop\1Gvue8ItW8.exe" | |
| C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 268 | |
URLs

| Name | IP | Malicious |
|---|---|---|
| justifycanddidatewd.shop | | |
| marathonbeedksow.shop | | |
| pleasurenarrowsdla.shop | | |
| richardflorespoew.shop | | |
| falseaudiencekd.shop | | |
| feighminoritsjda.shop | | |
| strwawrunnygjwu.shop | | |
| raiseboltskdlwpow.shop | | |
| backcreammykiel.shop | | |
| https://raiseboltskdlwpow.shop/apib | unknown | |
| https://feighminoritsjda.shop/ | unknown | |
| http://ocsp.entrust.net03 | unknown | |
| http://ocsp.entrust.net02 | unknown | |
| http://www.entrust.net/rpa03 | unknown | |
| http://aia.entrust.net/ts1-chain256.cer01 | unknown | |
| http://upx.sf.net | unknown | |
| https://raiseboltskdlwpow.shop/ | unknown | |
| https://justifycanddidatewd.shop/% | unknown | |
| https://richardflorespoew.shop/api | unknown | |
| https://strwawrunnygjwu.shop/ | unknown | |
| https://marathonbeedksow.shop/ | unknown | |
| https://feighminoritsjda.shop/% | unknown | |
| https://richardflorespoew.shop/ | unknown | |
| https://strwawrunnygjwu.shop/api | unknown | |
| http://crl.entrust.net/ts1ca.crl0 | unknown | |
| https://justifycanddidatewd.shop/api | unknown | |
| https://richardflorespoew.shop/:W= | unknown | |
| http://crl.entrust.net/2048ca.crl0 | unknown | |
| https://www.entrust.net/rpa0 | unknown | |
| https://falseaudiencekd.shop/ | unknown | |
| https://raiseboltskdlwpow.shop/api | unknown | |
Domains

| Name | IP | Malicious |
|---|---|---|
| justifycanddidatewd.shop | unknown | |
| richardflorespoew.shop | unknown | |
| strwawrunnygjwu.shop | unknown | |
| falseaudiencekd.shop | unknown | |
| raiseboltskdlwpow.shop | unknown | |
| backcreammykiel.shop | unknown | |
| marathonbeedksow.shop | unknown | |
| feighminoritsjda.shop | unknown | |
| pleasurenarrowsdla.shop | unknown | |
Registry

| Path | Value | Malicious |
|---|---|---|
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | ProgramId | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | FileId | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | LowerCaseLongPath | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | LongPathHash | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | Name | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | OriginalFileName | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | Publisher | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | Version | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | BinFileVersion | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | BinaryType | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | ProductName | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | ProductVersion | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | LinkDate | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | BinProductVersion | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | AppxPackageFullName | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | AppxPackageRelativeId | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | Size | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | Language | |
| \REGISTRY\A\{0519628f-74ff-aca4-f1e2-98399340e00b}\Root\InventoryApplicationFile\1gvue8itw8.exe\|5f94b566330f17cf | Usn | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData | ClockTimeSeconds | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData | TickCount | |
Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| BC5000 | unknown | page read and write | |
| B30000 | heap | page read and write | |
| 9D0000 | direct allocation | page execute and read and write | |
| 2E6E000 | stack | page read and write | |
| 28EE000 | stack | page read and write | |
| 8CD000 | stack | page read and write | |
| AFC000 | stack | page read and write | |
| 28AD000 | stack | page read and write | |
| 27AE000 | stack | page read and write | |
| 88F000 | stack | page read and write | |
| D30000 | heap | page read and write | |
| B00000 | heap | page read and write | |
| 7E0000 | heap | page read and write | |
| E00000 | heap | page read and write | |
| B5E000 | stack | page read and write | |
| C15000 | unknown | page readonly | |
| B90000 | unknown | page readonly | |
| 550000 | heap | page read and write | |
| C10000 | heap | page read and write | |
| C15000 | heap | page read and write | |
| D8E000 | stack | page read and write | |
| A1E000 | stack | page read and write | |
| 2D6E000 | stack | page read and write | |
| 1ED000 | stack | page read and write | |
| B91000 | unknown | page execute read | |
| B4B000 | heap | page read and write | |
| 452000 | remote allocation | page execute and read and write | |
| 69E000 | heap | page read and write | |
| 640000 | heap | page read and write | |
| B3D000 | heap | page read and write | |
| B35000 | heap | page read and write | |
| B53000 | heap | page read and write | |
| D2E000 | stack | page read and write | |
| 9CD000 | stack | page read and write | |
| 7D0000 | heap | page read and write | |
| 29EF000 | stack | page read and write | |
| BB9000 | unknown | page readonly | |
| BC5000 | unknown | page write copy | |
| 690000 | heap | page read and write | |
| 68E000 | stack | page read and write | |
| 4FD000 | stack | page read and write | |
| 26AF000 | stack | page read and write | |
| 630000 | heap | page read and write | |
| 76C000 | stack | page read and write | |
| C15000 | unknown | page readonly | |
| D1F000 | stack | page read and write | |
| B1F000 | stack | page read and write | |
| 400000 | remote allocation | page execute and read and write | |
| B0A000 | heap | page read and write | |
| B2B000 | heap | page read and write | |
| DCE000 | stack | page read and write | |
| B91000 | unknown | page execute read | |
| B90000 | unknown | page readonly | |
| 69A000 | heap | page read and write | |
| B5E000 | heap | page read and write | |
| BB9000 | unknown | page readonly | |