Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_819e5e45b8a757e26ca9bd44e6d9284b79b3342d_a5cec3f2_f9e08bca-3b45-4977-9b29-af39d12daa7a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER355D.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Oct 25 17:47:12 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER36D5.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3714.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 1500
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.215.113.37/
|
185.215.113.37
|
|
|
|
http://185.215.113.37/U
|
unknown
|
|
|
|
http://185.215.113.37
|
unknown
|
|
|
|
http://185.215.113.37/e2b1563c6670f193.php
|
|
||
|
http://185.215.113.37/7
|
unknown
|
|
|
|
http://upx.sf.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.215.113.37
|
unknown
|
Portugal
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
ProgramId
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
FileId
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
LongPathHash
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Name
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Publisher
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Version
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
BinaryType
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
ProductName
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
ProductVersion
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
LinkDate
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Size
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Language
|
|
|
|
\REGISTRY\A\{0923fd40-8475-b3af-25f8-c502b3c1ad1b}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Usn
|
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
711000
|
unkown
|
page execute and read and write
|
|
|
|
7AA000
|
unkown
|
page execute and read and write
|
|
|
|
50C0000
|
direct allocation
|
page read and write
|
|
|
|
133E000
|
heap
|
page read and write
|
|
|
|
11F4000
|
heap
|
page read and write
|
||
|
3BFF000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
413E000
|
stack
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
3E7F000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
711000
|
unkown
|
page execute and write copy
|
||
|
30FE000
|
stack
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
79F000
|
unkown
|
page execute and read and write
|
||
|
50A0000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
35FE000
|
stack
|
page read and write
|
||
|
C00000
|
unkown
|
page execute and read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
5240000
|
direct allocation
|
page execute and read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
2FBB000
|
heap
|
page read and write
|
||
|
3AFE000
|
stack
|
page read and write
|
||
|
795000
|
unkown
|
page execute and read and write
|
||
|
1D30E000
|
stack
|
page read and write
|
||
|
5250000
|
direct allocation
|
page execute and read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
1D04F000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
4B3E000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
130E000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
4C50000
|
heap
|
page read and write
|
||
|
76A000
|
unkown
|
page execute and read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
43BE000
|
stack
|
page read and write
|
||
|
44BF000
|
stack
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
5230000
|
direct allocation
|
page execute and read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
323E000
|
stack
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
50FB000
|
stack
|
page read and write
|
||
|
387E000
|
stack
|
page read and write
|
||
|
C0E000
|
unkown
|
page execute and read and write
|
||
|
427D000
|
stack
|
page read and write
|
||
|
BCF000
|
unkown
|
page execute and read and write
|
||
|
49FE000
|
stack
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
1D69C000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
49BF000
|
stack
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
5080000
|
trusted library allocation
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
1381000
|
heap
|
page read and write
|
||
|
337E000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
156D000
|
stack
|
page read and write
|
||
|
423F000
|
stack
|
page read and write
|
||
|
1D2CE000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
50C0000
|
direct allocation
|
page read and write
|
||
|
710000
|
unkown
|
page read and write
|
||
|
50C0000
|
direct allocation
|
page read and write
|
||
|
4C3F000
|
stack
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
30BF000
|
stack
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
152E000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
45FF000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
115F000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
437F000
|
stack
|
page read and write
|
||
|
5270000
|
direct allocation
|
page execute and read and write
|
||
|
1399000
|
heap
|
page read and write
|
||
|
95A000
|
unkown
|
page execute and read and write
|
||
|
5260000
|
direct allocation
|
page execute and read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
2F4F000
|
stack
|
page read and write
|
||
|
710000
|
unkown
|
page readonly
|
||
|
35BF000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
383F000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
487F000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
347F000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
4C60000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
463E000
|
stack
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
2FB0000
|
heap
|
page read and write
|
||
|
40FF000
|
stack
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
36FF000
|
stack
|
page read and write
|
||
|
11B0000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
1D59D000
|
stack
|
page read and write
|
||
|
473F000
|
stack
|
page read and write
|
||
|
1CF4E000
|
stack
|
page read and write
|
||
|
166E000
|
stack
|
page read and write
|
||
|
13B2000
|
heap
|
page read and write
|
||
|
133A000
|
heap
|
page read and write
|
||
|
373E000
|
stack
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
1D820000
|
trusted library allocation
|
page read and write
|
||
|
DAD000
|
unkown
|
page execute and read and write
|
||
|
3D3F000
|
stack
|
page read and write
|
||
|
BF8000
|
unkown
|
page execute and read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
3C3E000
|
stack
|
page read and write
|
||
|
1D55D000
|
stack
|
page read and write
|
||
|
5210000
|
direct allocation
|
page execute and read and write
|
||
|
772000
|
unkown
|
page execute and read and write
|
||
|
5220000
|
direct allocation
|
page execute and read and write
|
||
|
5240000
|
direct allocation
|
page execute and read and write
|
||
|
3FBF000
|
stack
|
page read and write
|
||
|
333F000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
44FE000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
34BE000
|
stack
|
page read and write
|
||
|
1D18F000
|
stack
|
page read and write
|
||
|
1D45D000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
1D1CE000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
477E000
|
stack
|
page read and write
|
||
|
3ABF000
|
stack
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
51FF000
|
stack
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
3EBE000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
2F8C000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
397F000
|
stack
|
page read and write
|
||
|
1D703000
|
heap
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
96E000
|
unkown
|
page execute and read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
1D40F000
|
stack
|
page read and write
|
||
|
C0E000
|
unkown
|
page execute and write copy
|
||
|
2E4E000
|
stack
|
page read and write
|
||
|
4C40000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
3FFE000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
105C000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4AFF000
|
stack
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
13A3000
|
heap
|
page read and write
|
||
|
798000
|
unkown
|
page execute and read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
2FB7000
|
heap
|
page read and write
|
||
|
3D7E000
|
stack
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
1D08E000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
C0F000
|
unkown
|
page execute and write copy
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
39BE000
|
stack
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
AF1000
|
unkown
|
page execute and read and write
|
||
|
1155000
|
stack
|
page read and write
|
||
|
2F90000
|
direct allocation
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
4C41000
|
heap
|
page read and write
|
||
|
48BE000
|
stack
|
page read and write
|
There are 221 hidden memdumps, click here to show them.