Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
FNGAutoBackup.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_FNGAutoBackup.ex_1c6818e205888b582bff204e21bebcbf7cd69_806afe30_72ed49fa-e902-4481-947f-fa55e06985bd\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE8D3.tmp.dmp
|
Mini DuMP crash report, 16 streams, Mon Dec 2 06:39:57 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREA2C.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREA7B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\FNGAutoBackup.exe
|
"C:\Users\user\Desktop\FNGAutoBackup.exe"
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7284 -s 804
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
s-part-0035.t-0009.t-msedge.net
|
13.107.246.63
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
ProgramId
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
FileId
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
LongPathHash
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
Name
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
OriginalFileName
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
Publisher
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
Version
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
BinFileVersion
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
BinaryType
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
ProductName
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
ProductVersion
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
LinkDate
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
BinProductVersion
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
Size
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
Language
|
||
|
\REGISTRY\A\{82280ae7-6b66-c1b3-342e-381316f99411}\Root\InventoryApplicationFile\fngautobackup.ex|79a62a91e1728c50
|
Usn
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1791E310000
|
heap
|
page execute and read and write
|
||
|
17903DE0000
|
heap
|
page read and write
|
||
|
3F20EFE000
|
stack
|
page read and write
|
||
|
17903F95000
|
heap
|
page read and write
|
||
|
7FF887C13000
|
trusted library allocation
|
page execute and read and write
|
||
|
17903DAC000
|
heap
|
page read and write
|
||
|
17903E16000
|
heap
|
page read and write
|
||
|
3F210FF000
|
stack
|
page read and write
|
||
|
3F20941000
|
stack
|
page read and write
|
||
|
7FF887CC0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887C1D000
|
trusted library allocation
|
page execute and read and write
|
||
|
17903DCD000
|
heap
|
page read and write
|
||
|
17903FE0000
|
heap
|
page read and write
|
||
|
3F20DFE000
|
stack
|
page read and write
|
||
|
17903E83000
|
heap
|
page read and write
|
||
|
7FF475DB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887DC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
17905800000
|
trusted library allocation
|
page read and write
|
||
|
17915A03000
|
trusted library allocation
|
page read and write
|
||
|
17903E32000
|
heap
|
page read and write
|
||
|
17915A01000
|
trusted library allocation
|
page read and write
|
||
|
17903DE3000
|
heap
|
page read and write
|
||
|
3F211FE000
|
stack
|
page read and write
|
||
|
7FF887CCC000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F20FFD000
|
stack
|
page read and write
|
||
|
17905910000
|
heap
|
page execute and read and write
|
||
|
7FF887CF6000
|
trusted library allocation
|
page execute and read and write
|
||
|
3F20CFE000
|
stack
|
page read and write
|
||
|
17903FC0000
|
heap
|
page read and write
|
||
|
17903FA0000
|
heap
|
page read and write
|
||
|
7FF887CD0000
|
trusted library allocation
|
page execute and read and write
|
||
|
17905813000
|
trusted library allocation
|
page read and write
|
||
|
17905810000
|
trusted library allocation
|
page read and write
|
||
|
7FF887C20000
|
trusted library allocation
|
page read and write
|
||
|
17903DA6000
|
heap
|
page read and write
|
||
|
3F212FE000
|
stack
|
page read and write
|
||
|
17903EB0000
|
heap
|
page read and write
|
||
|
7FF887C2D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF887D30000
|
trusted library allocation
|
page execute and read and write
|
||
|
17905A01000
|
trusted library allocation
|
page read and write
|
||
|
179041B5000
|
heap
|
page read and write
|
||
|
7FF887C14000
|
trusted library allocation
|
page read and write
|
||
|
17903D20000
|
unkown
|
page readonly
|
||
|
7FF887C22000
|
trusted library allocation
|
page read and write
|
||
|
17915A09000
|
trusted library allocation
|
page read and write
|
||
|
17903DD4000
|
heap
|
page read and write
|
||
|
17903DA0000
|
heap
|
page read and write
|
||
|
179059F0000
|
heap
|
page read and write
|
||
|
17903D22000
|
unkown
|
page readonly
|
||
|
17903E2C000
|
heap
|
page read and write
|
||
|
17903F90000
|
heap
|
page read and write
|
||
|
7FF887DB0000
|
trusted library allocation
|
page read and write
|
||
|
179057E0000
|
trusted library allocation
|
page read and write
|
||
|
7FF887C24000
|
trusted library allocation
|
page read and write
|
||
|
17903D20000
|
unkown
|
page readonly
|
||
|
179041B0000
|
heap
|
page read and write
|
There are 46 hidden memdumps, click here to show them.