Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_819e5e45b8a757e26ca9bd44e6d9284b79b3342d_a5cec3f2_bb69c780-d065-4a75-bb62-5fb254e94e22\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC14.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Oct 25 20:43:29 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDD8C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDDAD.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 1472
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.215.113.37/
|
185.215.113.37
|
|
|
|
http://185.215.113.37/W8i
|
unknown
|
|
|
|
http://185.215.113.37
|
unknown
|
|
|
|
http://185.215.113.37/e2b1563c6670f193.php
|
|
||
|
http://185.215.113.37/k
|
unknown
|
|
|
|
http://upx.sf.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.215.113.37
|
unknown
|
Portugal
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
ProgramId
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
FileId
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
LongPathHash
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
Name
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
Publisher
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
Version
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
BinaryType
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
ProductName
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
ProductVersion
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
LinkDate
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
Size
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
Language
|
|
|
|
\REGISTRY\A\{37c52c8e-6c7e-02e4-36ff-5e183d5e3aa0}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
|
Usn
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
There are 13 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
4F00000
|
direct allocation
|
page read and write
|
|
|
|
11DE000
|
heap
|
page read and write
|
|
|
|
5A2000
|
unkown
|
page execute and read and write
|
|
|
|
5DA000
|
unkown
|
page execute and read and write
|
|
|
|
541000
|
unkown
|
page execute and read and write
|
|
|
|
A38000
|
unkown
|
page execute and write copy
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
F6E000
|
stack
|
page read and write
|
||
|
3E2E000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
45AE000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
482E000
|
stack
|
page read and write
|
||
|
F65000
|
stack
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
32AF000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
5C5000
|
unkown
|
page execute and read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
A38000
|
unkown
|
page execute and read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
5050000
|
direct allocation
|
page execute and read and write
|
||
|
3F6E000
|
stack
|
page read and write
|
||
|
40AE000
|
stack
|
page read and write
|
||
|
496E000
|
stack
|
page read and write
|
||
|
A21000
|
unkown
|
page execute and read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
540000
|
unkown
|
page readonly
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
1238000
|
heap
|
page read and write
|
||
|
BD5000
|
unkown
|
page execute and write copy
|
||
|
5070000
|
direct allocation
|
page execute and read and write
|
||
|
1CF8F000
|
stack
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
442F000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4F3B000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A70000
|
heap
|
page read and write
|
||
|
37AF000
|
stack
|
page read and write
|
||
|
FC0000
|
heap
|
page read and write
|
||
|
4A6F000
|
stack
|
page read and write
|
||
|
1256000
|
heap
|
page read and write
|
||
|
31AE000
|
stack
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
446E000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
11DA000
|
heap
|
page read and write
|
||
|
2E6F000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
46EE000
|
stack
|
page read and write
|
||
|
5080000
|
direct allocation
|
page execute and read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
2D6B000
|
heap
|
page read and write
|
||
|
3CEE000
|
stack
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
1CE8D000
|
stack
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
2CAC000
|
stack
|
page read and write
|
||
|
4A81000
|
heap
|
page read and write
|
||
|
1D3BD000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
432E000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
47EF000
|
stack
|
page read and write
|
||
|
2D30000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
36AE000
|
stack
|
page read and write
|
||
|
1CE4F000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
456F000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
3F2F000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
5060000
|
direct allocation
|
page execute and read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
78A000
|
unkown
|
page execute and read and write
|
||
|
50A0000
|
direct allocation
|
page execute and read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
41EE000
|
stack
|
page read and write
|
||
|
503F000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
3A6E000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
1D640000
|
trusted library allocation
|
page read and write
|
||
|
1D27E000
|
stack
|
page read and write
|
||
|
1D523000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
50B0000
|
direct allocation
|
page execute and read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
41AE000
|
stack
|
page read and write
|
||
|
32EE000
|
stack
|
page read and write
|
||
|
342E000
|
stack
|
page read and write
|
||
|
121F000
|
heap
|
page read and write
|
||
|
5080000
|
direct allocation
|
page execute and read and write
|
||
|
2C6E000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
2D2E000
|
stack
|
page read and write
|
||
|
46AF000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
1D37D000
|
stack
|
page read and write
|
||
|
352F000
|
stack
|
page read and write
|
||
|
3DEF000
|
stack
|
page read and write
|
||
|
1070000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
306F000
|
stack
|
page read and write
|
||
|
3BAE000
|
stack
|
page read and write
|
||
|
1221000
|
heap
|
page read and write
|
||
|
118E000
|
stack
|
page read and write
|
||
|
4F00000
|
direct allocation
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
1D13E000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
BD4000
|
unkown
|
page execute and read and write
|
||
|
1060000
|
heap
|
page read and write
|
||
|
2D67000
|
heap
|
page read and write
|
||
|
1D0CF000
|
stack
|
page read and write
|
||
|
91C000
|
unkown
|
page execute and read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
9FF000
|
unkown
|
page execute and read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
11D0000
|
heap
|
page read and write
|
||
|
1D4BD000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
2CEE000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
103E000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
508E000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
E6C000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
38EF000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
541000
|
unkown
|
page execute and write copy
|
||
|
2F6F000
|
stack
|
page read and write
|
||
|
37EE000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4F00000
|
direct allocation
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
A39000
|
unkown
|
page execute and write copy
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
33EF000
|
stack
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
11CE000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
1247000
|
heap
|
page read and write
|
||
|
392E000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
A2A000
|
unkown
|
page execute and read and write
|
||
|
5CF000
|
unkown
|
page execute and read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
406F000
|
stack
|
page read and write
|
||
|
492F000
|
stack
|
page read and write
|
||
|
1D23F000
|
stack
|
page read and write
|
||
|
356E000
|
stack
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
13CF000
|
stack
|
page read and write
|
||
|
2D50000
|
direct allocation
|
page read and write
|
||
|
5C8000
|
unkown
|
page execute and read and write
|
||
|
3B6F000
|
stack
|
page read and write
|
||
|
5090000
|
direct allocation
|
page execute and read and write
|
||
|
59A000
|
unkown
|
page execute and read and write
|
||
|
366F000
|
stack
|
page read and write
|
||
|
121C000
|
heap
|
page read and write
|
||
|
4B70000
|
trusted library allocation
|
page read and write
|
||
|
316F000
|
stack
|
page read and write
|
||
|
42EF000
|
stack
|
page read and write
|
||
|
3A2F000
|
stack
|
page read and write
|
||
|
2D60000
|
heap
|
page read and write
|
||
|
79E000
|
unkown
|
page execute and read and write
|
||
|
1075000
|
heap
|
page read and write
|
||
|
4A71000
|
heap
|
page read and write
|
||
|
1CFCE000
|
stack
|
page read and write
|
||
|
540000
|
unkown
|
page read and write
|
||
|
3CAF000
|
stack
|
page read and write
|
There are 200 hidden memdumps, click here to show them.