Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
rRFQ_025261-97382.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegSvcs.exe_5bfa5ea0315cdaca1a7b99df22c7fbd6fc2a1cb_d4dab669_9df69206-636c-4235-adee-284acc9437f2\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC640.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Jul 24 12:40:18 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC799.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC7B9.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autA153.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\autA193.tmp
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\brontothere
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\trickstress
|
FGDC-STD-001-1998
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\rRFQ_025261-97382.exe
|
"C:\Users\user\Desktop\rRFQ_025261-97382.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
|
"C:\Users\user\Desktop\rRFQ_025261-97382.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 1484
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://checkip.dyndns.org/
|
158.101.44.242
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
checkip.dyndns.org
|
unknown
|
|
|
|
checkip.dyndns.com
|
158.101.44.242
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
158.101.44.242
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RegSvcs_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
ProgramId
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
FileId
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
LongPathHash
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
Name
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
OriginalFileName
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
Publisher
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
Version
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
BinFileVersion
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
BinaryType
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
ProductName
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
ProductVersion
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
LinkDate
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
BinProductVersion
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
Size
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
Language
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
IsOsComponent
|
||
|
\REGISTRY\A\{cc77e875-d234-0570-ff8c-7acb40876916}\Root\InventoryApplicationFile\regsvcs.exe|bc5951771b601cae
|
Usn
|
There are 25 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2B41000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
system
|
page execute and read and write
|
|
|
|
4020000
|
direct allocation
|
page read and write
|
|
|
|
50BD000
|
stack
|
page read and write
|
||
|
19D6000
|
heap
|
page read and write
|
||
|
603E000
|
stack
|
page read and write
|
||
|
438E000
|
direct allocation
|
page read and write
|
||
|
1964000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
EED000
|
trusted library allocation
|
page execute and read and write
|
||
|
2C16000
|
trusted library allocation
|
page read and write
|
||
|
188C000
|
heap
|
page read and write
|
||
|
F10000
|
heap
|
page read and write
|
||
|
89B000
|
stack
|
page read and write
|
||
|
15BF000
|
stack
|
page read and write
|
||
|
4080000
|
direct allocation
|
page read and write
|
||
|
4319000
|
direct allocation
|
page read and write
|
||
|
211000
|
unkown
|
page execute read
|
||
|
317000
|
unkown
|
page readonly
|
||
|
244E000
|
stack
|
page read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
117E000
|
stack
|
page read and write
|
||
|
41F0000
|
direct allocation
|
page read and write
|
||
|
4173000
|
direct allocation
|
page read and write
|
||
|
51D0000
|
heap
|
page read and write
|
||
|
1360000
|
trusted library allocation
|
page read and write
|
||
|
19C5000
|
heap
|
page read and write
|
||
|
19B5000
|
heap
|
page read and write
|
||
|
136B000
|
trusted library allocation
|
page read and write
|
||
|
1117000
|
trusted library allocation
|
page execute and read and write
|
||
|
210000
|
unkown
|
page readonly
|
||
|
1996000
|
heap
|
page read and write
|
||
|
1130000
|
trusted library allocation
|
page read and write
|
||
|
18C9000
|
heap
|
page read and write
|
||
|
1003000
|
heap
|
page read and write
|
||
|
1858000
|
heap
|
page read and write
|
||
|
1989000
|
heap
|
page read and write
|
||
|
18C8000
|
heap
|
page read and write
|
||
|
997000
|
stack
|
page read and write
|
||
|
2A25000
|
trusted library allocation
|
page read and write
|
||
|
210000
|
unkown
|
page readonly
|
||
|
431D000
|
direct allocation
|
page read and write
|
||
|
1110000
|
trusted library allocation
|
page read and write
|
||
|
D1E000
|
stack
|
page read and write
|
||
|
F90000
|
heap
|
page read and write
|
||
|
1997000
|
heap
|
page read and write
|
||
|
4080000
|
direct allocation
|
page read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
F29000
|
stack
|
page read and write
|
||
|
11A0000
|
trusted library allocation
|
page read and write
|
||
|
2E4000
|
unkown
|
page readonly
|
||
|
F00000
|
trusted library allocation
|
page read and write
|
||
|
1850000
|
heap
|
page read and write
|
||
|
F99000
|
heap
|
page read and write
|
||
|
4220000
|
direct allocation
|
page read and write
|
||
|
507D000
|
stack
|
page read and write
|
||
|
41F0000
|
direct allocation
|
page read and write
|
||
|
EE4000
|
trusted library allocation
|
page read and write
|
||
|
4349000
|
direct allocation
|
page read and write
|
||
|
4349000
|
direct allocation
|
page read and write
|
||
|
5490000
|
heap
|
page execute and read and write
|
||
|
D85000
|
heap
|
page read and write
|
||
|
1380000
|
trusted library allocation
|
page read and write
|
||
|
19B5000
|
heap
|
page read and write
|
||
|
569E000
|
stack
|
page read and write
|
||
|
1740000
|
heap
|
page read and write
|
||
|
18C8000
|
heap
|
page read and write
|
||
|
11B0000
|
trusted library allocation
|
page read and write
|
||
|
3B47000
|
trusted library allocation
|
page read and write
|
||
|
4080000
|
direct allocation
|
page read and write
|
||
|
559E000
|
stack
|
page read and write
|
||
|
204E000
|
stack
|
page read and write
|
||
|
43BE000
|
direct allocation
|
page read and write
|
||
|
1996000
|
heap
|
page read and write
|
||
|
188B000
|
heap
|
page read and write
|
||
|
1883000
|
heap
|
page read and write
|
||
|
F4B000
|
heap
|
page read and write
|
||
|
15DD000
|
stack
|
page read and write
|
||
|
434D000
|
direct allocation
|
page read and write
|
||
|
2C02000
|
trusted library allocation
|
page read and write
|
||
|
519E000
|
stack
|
page read and write
|
||
|
2D2000
|
unkown
|
page readonly
|
||
|
189B000
|
heap
|
page read and write
|
||
|
4CDE000
|
stack
|
page read and write
|
||
|
2AC000
|
unkown
|
page readonly
|
||
|
FDE000
|
stack
|
page read and write
|
||
|
188B000
|
heap
|
page read and write
|
||
|
1180000
|
trusted library allocation
|
page execute and read and write
|
||
|
17B0000
|
heap
|
page read and write
|
||
|
2BEA000
|
trusted library allocation
|
page read and write
|
||
|
4319000
|
direct allocation
|
page read and write
|
||
|
19C5000
|
heap
|
page read and write
|
||
|
51E0000
|
heap
|
page read and write
|
||
|
29EE000
|
stack
|
page read and write
|
||
|
F18000
|
heap
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
1883000
|
heap
|
page read and write
|
||
|
15EF000
|
stack
|
page read and write
|
||
|
18C8000
|
heap
|
page read and write
|
||
|
18C8000
|
heap
|
page read and write
|
||
|
41A3000
|
direct allocation
|
page read and write
|
||
|
F97000
|
heap
|
page read and write
|
||
|
2E4000
|
unkown
|
page readonly
|
||
|
1790000
|
direct allocation
|
page execute and read and write
|
||
|
317000
|
unkown
|
page readonly
|
||
|
FE0000
|
heap
|
page read and write
|
||
|
18E8000
|
heap
|
page read and write
|
||
|
F0A000
|
trusted library allocation
|
page execute and read and write
|
||
|
43BE000
|
direct allocation
|
page read and write
|
||
|
2AC000
|
unkown
|
page readonly
|
||
|
4050000
|
direct allocation
|
page read and write
|
||
|
2A30000
|
heap
|
page execute and read and write
|
||
|
56DE000
|
stack
|
page read and write
|
||
|
15CF000
|
stack
|
page read and write
|
||
|
438E000
|
direct allocation
|
page read and write
|
||
|
15FF000
|
stack
|
page read and write
|
||
|
2DC000
|
unkown
|
page read and write
|
||
|
2C05000
|
trusted library allocation
|
page read and write
|
||
|
1710000
|
heap
|
page read and write
|
||
|
110E000
|
stack
|
page read and write
|
||
|
2D2000
|
unkown
|
page readonly
|
||
|
18B8000
|
heap
|
page read and write
|
||
|
1112000
|
trusted library allocation
|
page read and write
|
||
|
41A3000
|
direct allocation
|
page read and write
|
||
|
2BF9000
|
trusted library allocation
|
page read and write
|
||
|
F2E000
|
heap
|
page read and write
|
||
|
4220000
|
direct allocation
|
page read and write
|
||
|
18A9000
|
heap
|
page read and write
|
||
|
4319000
|
direct allocation
|
page read and write
|
||
|
431D000
|
direct allocation
|
page read and write
|
||
|
4050000
|
direct allocation
|
page read and write
|
||
|
4220000
|
direct allocation
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
2BEF000
|
trusted library allocation
|
page read and write
|
||
|
1996000
|
heap
|
page read and write
|
||
|
EE3000
|
trusted library allocation
|
page execute and read and write
|
||
|
188C000
|
heap
|
page read and write
|
||
|
3B69000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
system
|
page execute and read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
F48000
|
heap
|
page read and write
|
||
|
434D000
|
direct allocation
|
page read and write
|
||
|
1780000
|
heap
|
page read and write
|
||
|
4173000
|
direct allocation
|
page read and write
|
||
|
D6E000
|
stack
|
page read and write
|
||
|
1884000
|
heap
|
page read and write
|
||
|
434D000
|
direct allocation
|
page read and write
|
||
|
111B000
|
trusted library allocation
|
page execute and read and write
|
||
|
189D000
|
heap
|
page read and write
|
||
|
1714000
|
heap
|
page read and write
|
||
|
4050000
|
direct allocation
|
page read and write
|
||
|
5F3F000
|
stack
|
page read and write
|
||
|
5E3E000
|
stack
|
page read and write
|
||
|
43BE000
|
direct allocation
|
page read and write
|
||
|
41F0000
|
direct allocation
|
page read and write
|
||
|
3B41000
|
trusted library allocation
|
page read and write
|
||
|
19B6000
|
heap
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
FC9000
|
heap
|
page read and write
|
||
|
F06000
|
trusted library allocation
|
page execute and read and write
|
||
|
D80000
|
heap
|
page read and write
|
||
|
4349000
|
direct allocation
|
page read and write
|
||
|
18C8000
|
heap
|
page read and write
|
||
|
2E0000
|
unkown
|
page write copy
|
||
|
11B6000
|
trusted library allocation
|
page read and write
|
||
|
18C8000
|
heap
|
page read and write
|
||
|
41A3000
|
direct allocation
|
page read and write
|
||
|
E8F000
|
stack
|
page read and write
|
||
|
170E000
|
stack
|
page read and write
|
||
|
211000
|
unkown
|
page execute read
|
||
|
E90000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
2DC000
|
unkown
|
page write copy
|
||
|
438E000
|
direct allocation
|
page read and write
|
||
|
431D000
|
direct allocation
|
page read and write
|
||
|
1874000
|
heap
|
page read and write
|
||
|
2B3E000
|
stack
|
page read and write
|
||
|
2BE7000
|
trusted library allocation
|
page read and write
|
||
|
4173000
|
direct allocation
|
page read and write
|
There are 169 hidden memdumps, click here to show them.