IOC Report
hBB2KnTndI

loading gif

Files

File Path
Type
Category
Malicious
hBB2KnTndI.exe
PE32 executable (console) Intel 80386, for MS Windows
initial sample
 malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_hBB2KnTndI.exe_ad2fc02f1e967b8af8cf5fed27f1f4916534b2_362a01e9_181a7760\Report.wer
Little-endian UTF-16 Unicode text, with CRLF line terminators
dropped
 malicious
C:\Users\user\AppData\Local\Temp\a10b8dfb5f\orxds.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
 malicious
C:\ProgramData\Microsoft\Windows\WER\Temp\WER66C6.tmp.dmp
Mini DuMP crash report, 14 streams, Mon May 30 02:33:16 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6957.tmp.WERInternalMetadata.xml
XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6B7B.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\hBB2KnTndI.exe
"C:\Users\user\Desktop\hBB2KnTndI.exe"
malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
 malicious
C:\Users\user\AppData\Local\Temp\a10b8dfb5f\orxds.exe
"C:\Users\user\AppData\Local\Temp\a10b8dfb5f\orxds.exe"
malicious
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 272

URLs

Name
IP
Malicious
http://gcc.gnu.org/bugs.html):
unknown

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
AmiHivePermissionsCorrect
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
AmiHiveOwnerCorrect
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
ProgramId
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
FileId
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
LowerCaseLongPath
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
LongPathHash
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
Name
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
Publisher
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
Version
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
BinFileVersion
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
BinaryType
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
ProductName
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
ProductVersion
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
LinkDate
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
BinProductVersion
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
Size
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
Language
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
IsPeFile
\REGISTRY\A\{b1c2ab10-7ad8-8a2c-ed85-65085f84b8ad}\Root\InventoryApplicationFile\hbb2kntndi.exe|3bf43472
IsOsComponent
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
ExceptionRecord
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceTicket
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
DeviceId
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
ApplicationFlags
HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
0018800453F4626F
There are 14 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
8B0000
direct allocation
page execute and read and write
 malicious
401000
remote allocation
page execute read
 malicious
4B7000
unkown
page read and write
 malicious
4B7000
unkown
page read and write
 malicious
4B7000
unkown
page read and write
 malicious
254000
unkown
page readonly
240000
unkown
page readonly
248C6770000
trusted library allocation
page read and write
241000
unkown
page execute read
47AE000
stack
page read and write
A51087E000
stack
page read and write
19C9E479000
heap
page read and write
2A05006D000
heap
page read and write
1B34BD20000
heap
page read and write
CC2C8FF000
stack
page read and write
19C9E493000
heap
page read and write
4EE000
unkown
page execute and read and write
19C9ED02000
heap
page read and write
19CA3890000
trusted library allocation
page read and write
19CA3C3F000
heap
page read and write
1E237E02000
trusted library allocation
page read and write
19CA3B90000
remote allocation
page read and write
19CA3CFE000
heap
page read and write
248C68C7000
heap
page read and write
920000
heap
page read and write
53B000
unkown
page readonly
1B34BE7B000
heap
page read and write
19C9F500000
trusted library section
page readonly
19C9E360000
heap
page read and write
1551B66E000
heap
page read and write
248C66D0000
heap
page read and write
252000
unkown
page write copy
43FC000
stack
page read and write
36524FE000
stack
page read and write
4F0000
unkown
page read and write
2A04FE20000
heap
page read and write
1551B642000
heap
page read and write
19C9EB30000
trusted library allocation
page read and write
1551B67B000
heap
page read and write
19C9F510000
trusted library section
page readonly
4F1000
unkown
page readonly
1E237651000
heap
page read and write
1551B657000
heap
page read and write
3E31FF000
stack
page read and write
248C6813000
heap
page read and write
1E237622000
heap
page read and write
6BC0000
heap
page read and write
248C66E0000
heap
page read and write
30000
heap
page read and write
CC2C2FF000
stack
page read and write
19C9E48E000
heap
page read and write
53B000
unkown
page readonly
3E2C7C000
stack
page read and write
19CA3A3E000
trusted library allocation
page read and write
248C6867000
heap
page read and write
186F2750000
remote allocation
page read and write
19CA3C55000
heap
page read and write
75C000
stack
page read and write
30000
unkown
page read and write
3E3AFF000
stack
page read and write
19C9E42A000
heap
page read and write
1060000
heap
page read and write
1E2375D0000
heap
page read and write
1551BE02000
trusted library allocation
page read and write
1551B613000
heap
page read and write
4F1000
unkown
page readonly
19CA3C86000
heap
page read and write
254000
unkown
page readonly
1551B65A000
heap
page read and write
1F6F67E000
stack
page read and write
1B34BF00000
heap
page read and write
19CA3A54000
trusted library allocation
page read and write
19CA3B60000
trusted library allocation
page read and write
241000
unkown
page execute read
252000
unkown
page write copy
170000
heap
page read and write
A510E7E000
stack
page read and write
19CA3A30000
trusted library allocation
page read and write
3E34FE000
stack
page read and write
8D0000
remote allocation
page read and write
19CA3C1C000
heap
page read and write
19CA3CFC000
heap
page read and write
241000
unkown
page execute read
397207F000
stack
page read and write
252000
unkown
page write copy
19CA3CDD000
heap
page read and write
19CA3A30000
trusted library allocation
page read and write
186F2750000
remote allocation
page read and write
19CA3A60000
trusted library allocation
page read and write
1E237600000
heap
page read and write
1F6F5FE000
stack
page read and write
186F2025000
heap
page read and write
4EE000
unkown
page execute and read and write
1B34C602000
trusted library allocation
page read and write
3971A7B000
stack
page read and write
186F2802000
trusted library allocation
page read and write
186F1F50000
heap
page read and write
99C000
stack
page read and write
4F1000
unkown
page readonly
401000
unkown
page execute read
A5108FE000
stack
page read and write
2A050113000
heap
page read and write
F25000
heap
page read and write
159000
heap
page read and write
1E237713000
heap
page read and write
150000
heap
page read and write
3651F0B000
stack
page read and write
1551B678000
heap
page read and write
2A050000000
heap
page read and write
401000
unkown
page execute read
19C9E476000
heap
page read and write
2A050602000
trusted library allocation
page read and write
186F1FF0000
trusted library allocation
page read and write
1551B663000
heap
page read and write
248C6913000
heap
page read and write
2A04FDC0000
heap
page read and write
19C9E48C000
heap
page read and write
241000
unkown
page execute read
19C9E470000
heap
page read and write
248C6888000
heap
page read and write
434000
remote allocation
page read and write
495A000
heap
page read and write
102E000
stack
page read and write
738E000
stack
page read and write
4EE000
unkown
page execute and read and write
1551B5C0000
trusted library allocation
page read and write
13E000
stack
page read and write
1551B685000
heap
page read and write
AA9827D000
stack
page read and write
1B34BD30000
heap
page read and write
248C7113000
heap
page read and write
1551B450000
heap
page read and write
1B34BF08000
heap
page read and write
19C9E4FB000
heap
page read and write
75C000
stack
page read and write
1F6F77E000
stack
page read and write
248C683E000
heap
page read and write
19CA3920000
trusted library allocation
page read and write
1B34BE3C000
heap
page read and write
1F6FBFD000
stack
page read and write
2A050002000
heap
page read and write
186F2059000
heap
page read and write
240000
unkown
page readonly
9D000
stack
page read and write
1551B626000
heap
page read and write
AA9847E000
stack
page read and write
2A050013000
heap
page read and write
1B34BE5E000
heap
page read and write
4F0000
unkown
page read and write
1E237602000
heap
page read and write
19C9F890000
trusted library allocation
page read and write
1BE000
stack
page read and write
170000
heap
page read and write
186F2750000
remote allocation
page read and write
248C68CA000
heap
page read and write
1551B65D000
heap
page read and write
1B34BE5C000
heap
page read and write
1E237663000
heap
page read and write
555000
unkown
page readonly
19C9F301000
trusted library allocation
page read and write
1E237560000
heap
page read and write
F20000
heap
page read and write
CF9000
stack
page read and write
CC2C5FB000
stack
page read and write
2A04FDB0000
heap
page read and write
3E2FFA000
stack
page read and write
1E237613000
heap
page read and write
19CA3B70000
trusted library allocation
page read and write
19CA3C62000
heap
page read and write
19C9EB40000
trusted library section
page read and write
19C9EC15000
heap
page read and write
1E237667000
heap
page read and write
537000
unkown
page write copy
254000
unkown
page readonly
AA9817F000
stack
page read and write
19CA38A0000
trusted library allocation
page read and write
AA9857E000
stack
page read and write
3971D7B000
stack
page read and write
19C9E413000
heap
page read and write
9D000
stack
page read and write
150000
heap
page read and write
19C9EC00000
heap
page read and write
1B34BE29000
heap
page read and write
AA9867F000
stack
page read and write
248C68B9000
heap
page read and write
4620000
remote allocation
page read and write
8E9000
direct allocation
page execute and read and write
1551B4C0000
heap
page read and write
E3E000
stack
page read and write
734F000
stack
page read and write
1F6F87E000
stack
page read and write
1067000
heap
page read and write
19C9F4F0000
trusted library section
page readonly
19C9F410000
trusted library allocation
page read and write
E1F000
stack
page read and write
555000
unkown
page readonly
42B000
remote allocation
page readonly
710F000
stack
page read and write
1551B631000
heap
page read and write
10CA000
heap
page read and write
1551B659000
heap
page read and write
1E237700000
heap
page read and write
19C9E43C000
heap
page read and write
1551B661000
heap
page read and write
2A05005B000
heap
page read and write
1551B67F000
heap
page read and write
3E367F000
stack
page read and write
8A0000
trusted library allocation
page read and write
1551B629000
heap
page read and write
6630000
heap
page read and write
1B34BF13000
heap
page read and write
4280000
heap
page read and write
19C9ED18000
heap
page read and write
920000
heap
page read and write
2A050073000
heap
page read and write
240000
unkown
page readonly
2A050087000
heap
page read and write
4620000
remote allocation
page read and write
C1F000
stack
page read and write
4CD0000
heap
page read and write
19CA3A50000
trusted library allocation
page read and write
C1F000
stack
page read and write
E1F000
stack
page read and write
92A000
heap
page read and write
186F1F60000
heap
page read and write
19C9F530000
trusted library section
page readonly
1551B655000
heap
page read and write
19CA3B80000
trusted library allocation
page read and write
F0000
trusted library allocation
page read and write
186F202A000
heap
page read and write
19C9E49E000
heap
page read and write
248C7002000
heap
page read and write
A51059C000
stack
page read and write
1B34BE87000
heap
page read and write
13E000
stack
page read and write
248C6800000
heap
page read and write
3E2E78000
stack
page read and write
240000
unkown
page readonly
19CA3B90000
remote allocation
page read and write
1B34BF02000
heap
page read and write
537000
unkown
page read and write
3E38FC000
stack
page read and write
400000
unkown
page readonly
254000
unkown
page readonly
125E000
stack
page read and write
19C9E525000
heap
page read and write
8D0000
remote allocation
page read and write
1551B63A000
heap
page read and write
19C9E4AD000
heap
page read and write
186F2000000
heap
page read and write
EE0000
heap
page read and write
E1F000
stack
page read and write
1F6F47B000
stack
page read and write
248C6829000
heap
page read and write
401000
unkown
page execute read
4620000
remote allocation
page read and write
19CA3A38000
trusted library allocation
page read and write
240000
unkown
page readonly
1089000
heap
page read and write
401000
unkown
page execute read
186F1FC0000
heap
page read and write
19C9ED00000
heap
page read and write
1B34BE51000
heap
page read and write
AA97CFA000
stack
page read and write
6BBE000
stack
page read and write
19C9ED59000
heap
page read and write
4F0000
unkown
page read and write
48EE000
stack
page read and write
A510B7B000
stack
page read and write
19C9ED13000
heap
page read and write
19C9ED18000
heap
page read and write
1E237702000
heap
page read and write
1B34BE64000
heap
page read and write
19C9E4A0000
heap
page read and write
439000
remote allocation
page readonly
2A050102000
heap
page read and write
19CA3C0F000
heap
page read and write
4290000
trusted library allocation
page read and write
400000
unkown
page readonly
1551B66A000
heap
page read and write
3E35FA000
stack
page read and write
AA97F7F000
stack
page read and write
1551B67C000
heap
page read and write
1E237570000
heap
page read and write
1551B702000
heap
page read and write
AA9877E000
stack
page read and write
E7E000
stack
page read and write
252000
unkown
page read and write
19CA3A51000
trusted library allocation
page read and write
19CA3CFA000
heap
page read and write
150000
heap
page read and write
1F6FAFD000
stack
page read and write
13E000
stack
page read and write
CC2C3FE000
stack
page read and write
19CA3B40000
trusted library allocation
page read and write
53B000
unkown
page readonly
19C9E513000
heap
page read and write
19CA3D00000
heap
page read and write
A510A7E000
stack
page read and write
1551B660000
heap
page read and write
1551B65C000
heap
page read and write
19CA3C88000
heap
page read and write
1551B460000
heap
page read and write
2A04FFF0000
trusted library allocation
page read and write
3E37FE000
stack
page read and write
248C6740000
heap
page read and write
CC2C17C000
stack
page read and write
1096000
heap
page read and write
537000
unkown
page read and write
19CA3CE4000
heap
page read and write
1551B640000
heap
page read and write
19CA3910000
trusted library allocation
page read and write
170000
heap
page read and write
252000
unkown
page write copy
1B34BE13000
heap
page read and write
4950000
heap
page read and write
A510C77000
stack
page read and write
36523FE000
stack
page read and write
19CA3B50000
trusted library allocation
page read and write
248C7100000
heap
page read and write
19CA3A70000
trusted library allocation
page read and write
19C9E400000
heap
page read and write
19CA3CA5000
heap
page read and write
CC2C57C000
stack
page read and write
A5109FC000
stack
page read and write
1BE000
stack
page read and write
1E23763C000
heap
page read and write
19CA3CA2000
heap
page read and write
48AF000
stack
page read and write
1551B665000
heap
page read and write
1551B63C000
heap
page read and write
920000
heap
page read and write
42FC000
stack
page read and write
1551B668000
heap
page read and write
400000
remote allocation
page readonly
19CA3D02000
heap
page read and write
19CA3C00000
heap
page read and write
254000
unkown
page readonly
3651F8E000
stack
page read and write
186F2102000
heap
page read and write
8A0000
trusted library allocation
page read and write
9D000
stack
page read and write
19CA3CEF000
heap
page read and write
1551B64D000
heap
page read and write
4B4F000
stack
page read and write
248C686D000
heap
page read and write
CC2BD1B000
stack
page read and write
1551B658000
heap
page read and write
19C9E502000
heap
page read and write
8A0000
trusted library allocation
page read and write
6B7E000
stack
page read and write
EA0000
heap
page read and write
C1F000
stack
page read and write
1551B664000
heap
page read and write
930000
trusted library allocation
page read and write
400000
unkown
page readonly
19CA3A74000
trusted library allocation
page read and write
2A050029000
heap
page read and write
1B34BE58000
heap
page read and write
400000
unkown
page readonly
248C6902000
heap
page read and write
537000
unkown
page read and write
CC2C9FE000
stack
page read and write
1551B656000
heap
page read and write
19C9E370000
heap
page read and write
19C9EC02000
heap
page read and write
1B34BE61000
heap
page read and write
2A050066000
heap
page read and write
4F1000
unkown
page readonly
3E377D000
stack
page read and write
1F6F6FF000
stack
page read and write
3E32FB000
stack
page read and write
19CA3B90000
remote allocation
page read and write
724E000
stack
page read and write
19C9ED59000
heap
page read and write
92A000
heap
page read and write
53B000
unkown
page readonly
19CA3C29000
heap
page read and write
AA97E7D000
stack
page read and write
1551B641000
heap
page read and write
1B34BE9A000
heap
page read and write
AA9837F000
stack
page read and write
555000
unkown
page readonly
2A050066000
heap
page read and write
241000
unkown
page execute read
AA978EB000
stack
page read and write
3E337F000
stack
page read and write
748C000
stack
page read and write
F0000
trusted library allocation
page read and write
1B34BE00000
heap
page read and write
186F203D000
heap
page read and write
248C6865000
heap
page read and write
1551B662000
heap
page read and write
1F6F9FF000
stack
page read and write
19CA3C4C000
heap
page read and write
19C9F520000
trusted library section
page readonly
CC2C47C000
stack
page read and write
159000
heap
page read and write
1F6F97D000
stack
page read and write
3E33FF000
stack
page read and write
AA9807F000
stack
page read and write
19CA3CF5000
heap
page read and write
700E000
stack
page read and write
19C9EF01000
trusted library allocation
page read and write
186F2013000
heap
page read and write
19CA3B00000
trusted library allocation
page read and write
19CA3B90000
trusted library allocation
page read and write
920000
heap
page read and write
36525FF000
stack
page read and write
30000
unkown
page read and write
19CA3A60000
trusted library allocation
page read and write
CC2C7FE000
stack
page read and write
1E237645000
heap
page read and write
555000
unkown
page readonly
1551B646000
heap
page read and write
A510D7F000
stack
page read and write
36526FE000
stack
page read and write
19C9E456000
heap
page read and write
19C9E3D0000
heap
page read and write
19C9F540000
trusted library section
page readonly
19C9E489000
heap
page read and write
F0000
trusted library allocation
page read and write
1B34BDC0000
trusted library allocation
page read and write
1E237628000
heap
page read and write
1551B600000
heap
page read and write
4760000
heap
page read and write
1551B66C000
heap
page read and write
3971F7B000
stack
page read and write
1E237679000
heap
page read and write
92A000
heap
page read and write
186F2002000
heap
page read and write
4B7000
unkown
page write copy
1B34BE5A000
heap
page read and write
1551B65E000
heap
page read and write
365227E000
stack
page read and write
3E30FA000
stack
page read and write
7110000
heap
page read and write
1E237D30000
trusted library allocation
page read and write
1B34BD90000
heap
page read and write
159000
heap
page read and write
CC2C6FD000
stack
page read and write
75C000
stack
page read and write
1BE000
stack
page read and write
2A05003F000
heap
page read and write
248C7139000
heap
page read and write
3E347F000
stack
page read and write
3971E7B000
stack
page read and write
There are 437 hidden memdumps, click here to show them.