Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
bfINGx7hvL.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bfINGx7hvL.exe_9323de2f2a6f2f2bf9691b888041d1d3296010_0da6e983_efc1c1f2-ef10-4114-96e4-d1a284fc9b7c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bfINGx7hvL.exe_b2c5d0224beae675fda7c01c57cba19d402078_0da6e983_9c4e44b6-c5e5-47b8-8186-b9802dcb5e27\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_bfINGx7hvL.exe_d6c1667ab283d126154324f80fd21f5eda59e7d_0da6e983_01f5966f-efa9-4ec3-a2c8-5407a75e0685\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2297.tmp.dmp
|
Mini DuMP crash report, 15 streams, Fri Sep 27 09:18:27 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER23C1.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER23E2.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7710.tmp.dmp
|
Mini DuMP crash report, 15 streams, Fri Sep 27 09:18:49 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER780B.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER785B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER827A.tmp.dmp
|
Mini DuMP crash report, 15 streams, Fri Sep 27 09:18:51 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8308.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8328.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\bfINGx7hvL.exe
|
"C:\Users\user\Desktop\bfINGx7hvL.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 624
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 1760
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 200
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://defenddsouneuw.shop/api
|
188.114.97.3
|
|
|
|
covvercilverow.shop
|
|
||
|
pumpkinkwquo.shop
|
|
||
|
abortinoiwiam.shop
|
|
||
|
deallyharvenw.shop
|
|
||
|
defenddsouneuw.shop
|
|
||
|
priooozekw.shop
|
|
||
|
surroundeocw.shop
|
|
||
|
racedsuitreow.shop
|
|
||
|
candleduseiwo.shop
|
|
||
|
https://www.cloudflare.com/learning/access-management/phishing-attack/
|
unknown
|
||
|
https://defenddsouneuw.shop/pi/
|
unknown
|
||
|
https://defenddsouneuw.sho
|
unknown
|
||
|
https://defenddsouneuw.shop/
|
unknown
|
||
|
http://ocsp.thawte.com0
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://defenddsouneuw.shop:443/apid
|
unknown
|
||
|
http://www.privacy-drive.comx
|
unknown
|
||
|
https://www.thawte.com/cps0
|
unknown
|
||
|
https://www.cloudflare.com/5xx-error-landing
|
unknown
|
||
|
https://defenddsouneuw.shop/D
|
unknown
|
||
|
http://crl.thawte.com/ThawteTimestampingCA.crl0
|
unknown
|
||
|
https://www.thawte.com/cps0/
|
unknown
|
||
|
https://www.thawte.com/repository0W
|
unknown
|
||
|
https://www.cybertronsoft.com
|
unknown
|
||
|
http://crl.thawte.com/ThawtePremiumServerCA.crl0
|
unknown
|
||
|
https://defenddsouneuw.shop/Y
|
unknown
|
There are 17 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
defenddsouneuw.shop
|
188.114.97.3
|
|
|
|
racedsuitreow.shop
|
unknown
|
|
|
|
candleduseiwo.shop
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.97.3
|
defenddsouneuw.shop
|
European Union
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
ProgramId
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
FileId
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
LongPathHash
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
Name
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
OriginalFileName
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
Publisher
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
Version
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
BinFileVersion
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
BinaryType
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
ProductName
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
ProductVersion
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
LinkDate
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
BinProductVersion
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
Size
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
Language
|
||
|
\REGISTRY\A\{c0568abe-9820-23cb-e1d3-97ab1f5f9a46}\Root\InventoryApplicationFile\bfingx7hvl.exe|faf9c59603d5f869
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
00180011C1A9D998
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 15 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
F70000
|
direct allocation
|
page execute and read and write
|
|
|
|
5B6D000
|
stack
|
page read and write
|
||
|
1084000
|
heap
|
page read and write
|
||
|
100E000
|
stack
|
page read and write
|
||
|
1084000
|
heap
|
page read and write
|
||
|
4261000
|
unclassified section
|
page execute read
|
||
|
1080000
|
heap
|
page read and write
|
||
|
19D0000
|
heap
|
page read and write
|
||
|
14DA000
|
heap
|
page read and write
|
||
|
15A5000
|
heap
|
page read and write
|
||
|
636E000
|
stack
|
page read and write
|
||
|
1084000
|
heap
|
page read and write
|
||
|
FD0000
|
trusted library allocation
|
page read and write
|
||
|
156E000
|
heap
|
page read and write
|
||
|
11E0000
|
heap
|
page read and write
|
||
|
5539000
|
trusted library allocation
|
page read and write
|
||
|
1084000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
1559000
|
heap
|
page read and write
|
||
|
76AE000
|
stack
|
page read and write
|
||
|
1084000
|
heap
|
page read and write
|
||
|
1571000
|
heap
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
1575000
|
heap
|
page read and write
|
||
|
4230000
|
remote allocation
|
page read and write
|
||
|
14DA000
|
heap
|
page read and write
|
||
|
18D2000
|
heap
|
page read and write
|
||
|
157A000
|
heap
|
page read and write
|
||
|
157A000
|
heap
|
page read and write
|
||
|
5570000
|
trusted library allocation
|
page read and write
|
||
|
1559000
|
heap
|
page read and write
|
||
|
1559000
|
heap
|
page read and write
|
||
|
5AC000
|
unkown
|
page read and write
|
||
|
156E000
|
heap
|
page read and write
|
||
|
42AC000
|
unclassified section
|
page readonly
|
||
|
14DA000
|
heap
|
page read and write
|
||
|
104C000
|
stack
|
page read and write
|
||
|
1571000
|
heap
|
page read and write
|
||
|
1575000
|
heap
|
page read and write
|
||
|
157A000
|
heap
|
page read and write
|
||
|
4230000
|
remote allocation
|
page read and write
|
||
|
5377000
|
trusted library allocation
|
page read and write
|
||
|
15A5000
|
heap
|
page read and write
|
||
|
1559000
|
heap
|
page read and write
|
||
|
76D0000
|
heap
|
page read and write
|
||
|
1571000
|
heap
|
page read and write
|
||
|
5CB000
|
unkown
|
page readonly
|
||
|
1591000
|
heap
|
page read and write
|
||
|
1084000
|
heap
|
page read and write
|
||
|
42B4000
|
unclassified section
|
page read and write
|
||
|
1571000
|
heap
|
page read and write
|
||
|
19D8000
|
heap
|
page read and write
|
||
|
100000
|
heap
|
page read and write
|
||
|
7F2F000
|
stack
|
page read and write
|
||
|
156E000
|
heap
|
page read and write
|
||
|
1591000
|
heap
|
page read and write
|
||
|
14DA000
|
heap
|
page read and write
|
||
|
14DA000
|
heap
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
772E000
|
stack
|
page read and write
|
||
|
5C1000
|
unkown
|
page readonly
|
||
|
15A5000
|
heap
|
page read and write
|
||
|
422D000
|
stack
|
page read and write
|
||
|
431E000
|
stack
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
4360000
|
heap
|
page read and write
|
||
|
5C1000
|
unkown
|
page readonly
|
||
|
1091000
|
heap
|
page read and write
|
||
|
1084000
|
heap
|
page read and write
|
||
|
1571000
|
heap
|
page read and write
|
||
|
1591000
|
heap
|
page read and write
|
||
|
157A000
|
heap
|
page read and write
|
||
|
4250000
|
heap
|
page read and write
|
||
|
156E000
|
heap
|
page read and write
|
||
|
42BF000
|
unclassified section
|
page readonly
|
||
|
11CE000
|
stack
|
page read and write
|
||
|
1084000
|
heap
|
page read and write
|
||
|
16D6000
|
heap
|
page read and write
|
||
|
1559000
|
heap
|
page read and write
|
||
|
14EE000
|
heap
|
page read and write
|
||
|
1575000
|
heap
|
page read and write
|
||
|
157A000
|
heap
|
page read and write
|
||
|
5C0000
|
unkown
|
page read and write
|
||
|
1591000
|
heap
|
page read and write
|
||
|
435D000
|
stack
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
15A4000
|
heap
|
page read and write
|
||
|
1575000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
F0E000
|
stack
|
page read and write
|
||
|
4230000
|
remote allocation
|
page read and write
|
||
|
601000
|
unkown
|
page readonly
|
||
|
15A5000
|
heap
|
page read and write
|
||
|
29EF000
|
stack
|
page read and write
|
||
|
14F5000
|
heap
|
page read and write
|
||
|
1559000
|
heap
|
page read and write
|
||
|
15A5000
|
heap
|
page read and write
|
||
|
601000
|
unkown
|
page readonly
|
||
|
536B000
|
stack
|
page read and write
|
||
|
4B6F000
|
stack
|
page read and write
|
||
|
1575000
|
heap
|
page read and write
|
||
|
18D2000
|
heap
|
page read and write
|
||
|
1591000
|
heap
|
page read and write
|
||
|
157A000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
1084000
|
heap
|
page read and write
|
||
|
1084000
|
heap
|
page read and write
|
||
|
14DA000
|
heap
|
page read and write
|
||
|
21EF000
|
stack
|
page read and write
|
||
|
F4E000
|
stack
|
page read and write
|
||
|
15A5000
|
heap
|
page read and write
|
||
|
15A5000
|
heap
|
page read and write
|
||
|
5AC000
|
unkown
|
page write copy
|
||
|
7F9D000
|
stack
|
page read and write
|
||
|
1084000
|
heap
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
1591000
|
heap
|
page read and write
|
||
|
19D0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
156E000
|
heap
|
page read and write
|
||
|
552000
|
unkown
|
page readonly
|
||
|
1571000
|
heap
|
page read and write
|
||
|
1575000
|
heap
|
page read and write
|
||
|
879E000
|
stack
|
page read and write
|
||
|
156E000
|
heap
|
page read and write
|
||
|
1571000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
1593000
|
heap
|
page read and write
|
||
|
6EAF000
|
stack
|
page read and write
|
||
|
ECD000
|
stack
|
page read and write
|
||
|
1559000
|
heap
|
page read and write
|
||
|
1571000
|
heap
|
page read and write
|
||
|
42AF000
|
unclassified section
|
page write copy
|
||
|
1084000
|
heap
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
5AD000
|
unkown
|
page write copy
|
||
|
1591000
|
heap
|
page read and write
|
||
|
1591000
|
heap
|
page read and write
|
||
|
15A5000
|
heap
|
page read and write
|
||
|
15A5000
|
heap
|
page read and write
|
||
|
1575000
|
heap
|
page read and write
|
||
|
1559000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
5CB000
|
unkown
|
page readonly
|
||
|
1084000
|
heap
|
page read and write
|
||
|
156E000
|
heap
|
page read and write
|
||
|
157A000
|
heap
|
page read and write
|
||
|
1091000
|
heap
|
page read and write
|
||
|
552000
|
unkown
|
page readonly
|
||
|
157A000
|
heap
|
page read and write
|
||
|
157A000
|
heap
|
page read and write
|
||
|
4190000
|
direct allocation
|
page read and write
|
||
|
1591000
|
heap
|
page read and write
|
||
|
5BA000
|
unkown
|
page read and write
|
||
|
156E000
|
heap
|
page read and write
|
||
|
1575000
|
heap
|
page read and write
|
||
|
14DA000
|
heap
|
page read and write
|
There are 148 hidden memdumps, click here to show them.