Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
new shipment.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_new shipment.exe_cf9e7cdece334ae16e292f86892c8231666c6d1_259f3213_27c3b52c-8e6f-4e02-87e9-458d211d40c1\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER92DB.tmp.dmp
|
Mini DuMP crash report, 15 streams, Fri Sep 27 14:01:09 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9434.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9464.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\new shipment.exe
|
"C:\Users\user\Desktop\new shipment.exe"
|
|
|
|
C:\Users\user\Desktop\new shipment.exe
|
"C:\Users\user\Desktop\new shipment.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 1528
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://aborters.duckdns.org:8081
|
unknown
|
|
|
|
http://anotherarmy.dns.army:8081
|
unknown
|
|
|
|
http://upx.sf.net
|
unknown
|
||
|
http://checkip.dyndns.org
|
unknown
|
||
|
http://checkip.dyndns.org/
|
132.226.8.169
|
||
|
http://checkip.dyndns.com
|
unknown
|
||
|
https://api.telegram.org/bot
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://varders.kozow.com:8081
|
unknown
|
||
|
http://checkip.dyndns.org/q
|
unknown
|
||
|
http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
|
unknown
|
||
|
https://reallyfreegeoip.org/xml/
|
unknown
|
There are 2 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
checkip.dyndns.org
|
unknown
|
|
|
|
checkip.dyndns.com
|
132.226.8.169
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
132.226.8.169
|
checkip.dyndns.com
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
ProgramId
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
FileId
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
LongPathHash
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
Name
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
Publisher
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
Version
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
BinaryType
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
ProductName
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
ProductVersion
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
LinkDate
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
Size
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
Language
|
|
|
|
\REGISTRY\A\{8298f890-4915-f8cf-9eff-120a5d6ff356}\Root\InventoryApplicationFile\new shipment.exe|76eaaa942b7254bd
|
Usn
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\new shipment_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\new shipment_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\new shipment_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\new shipment_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\new shipment_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\new shipment_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\new shipment_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\new shipment_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\new shipment_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\new shipment_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\new shipment_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\new shipment_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\new shipment_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\new shipment_RASMANCS
|
FileDirectory
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3611000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
40A1000
|
trusted library allocation
|
page read and write
|
|
|
|
15C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
597E000
|
stack
|
page read and write
|
||
|
5830000
|
trusted library allocation
|
page read and write
|
||
|
2000000
|
trusted library allocation
|
page read and write
|
||
|
15C3000
|
trusted library allocation
|
page read and write
|
||
|
15B0000
|
trusted library allocation
|
page read and write
|
||
|
1C9E000
|
stack
|
page read and write
|
||
|
5E1F000
|
stack
|
page read and write
|
||
|
309E000
|
stack
|
page read and write
|
||
|
6505000
|
heap
|
page read and write
|
||
|
15E7000
|
trusted library allocation
|
page execute and read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
784E000
|
stack
|
page read and write
|
||
|
59E0000
|
heap
|
page read and write
|
||
|
2F3E000
|
stack
|
page read and write
|
||
|
200B000
|
trusted library allocation
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
55D2000
|
trusted library allocation
|
page read and write
|
||
|
5600000
|
trusted library allocation
|
page read and write
|
||
|
1FA0000
|
heap
|
page read and write
|
||
|
64A0000
|
trusted library allocation
|
page read and write
|
||
|
5580000
|
trusted library allocation
|
page read and write
|
||
|
12BE000
|
heap
|
page read and write
|
||
|
1610000
|
heap
|
page read and write
|
||
|
1860000
|
trusted library allocation
|
page read and write
|
||
|
30A1000
|
trusted library allocation
|
page read and write
|
||
|
7610000
|
heap
|
page read and write
|
||
|
209E000
|
stack
|
page read and write
|
||
|
5740000
|
trusted library allocation
|
page read and write
|
||
|
4639000
|
trusted library allocation
|
page read and write
|
||
|
5750000
|
heap
|
page read and write
|
||
|
15B0000
|
trusted library allocation
|
page read and write
|
||
|
1C40000
|
trusted library allocation
|
page read and write
|
||
|
1600000
|
trusted library allocation
|
page read and write
|
||
|
59A0000
|
heap
|
page read and write
|
||
|
59C0000
|
trusted library allocation
|
page read and write
|
||
|
5590000
|
trusted library allocation
|
page read and write
|
||
|
59C3000
|
trusted library allocation
|
page read and write
|
||
|
5C10000
|
trusted library allocation
|
page read and write
|
||
|
444000
|
remote allocation
|
page execute and read and write
|
||
|
15CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1840000
|
trusted library allocation
|
page read and write
|
||
|
36D6000
|
trusted library allocation
|
page read and write
|
||
|
15B4000
|
trusted library allocation
|
page read and write
|
||
|
15D5000
|
heap
|
page read and write
|
||
|
12B0000
|
heap
|
page read and write
|
||
|
5BE0000
|
trusted library section
|
page read and write
|
||
|
794E000
|
stack
|
page read and write
|
||
|
18A0000
|
heap
|
page read and write
|
||
|
5753000
|
heap
|
page read and write
|
||
|
1850000
|
heap
|
page read and write
|
||
|
20DD000
|
stack
|
page read and write
|
||
|
1FF5000
|
trusted library allocation
|
page read and write
|
||
|
5B56000
|
heap
|
page read and write
|
||
|
156B000
|
heap
|
page read and write
|
||
|
55C1000
|
trusted library allocation
|
page read and write
|
||
|
1187000
|
stack
|
page read and write
|
||
|
6510000
|
heap
|
page read and write
|
||
|
5860000
|
trusted library allocation
|
page read and write
|
||
|
5AE0000
|
heap
|
page read and write
|
||
|
1470000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page execute and read and write
|
||
|
59C9000
|
trusted library allocation
|
page read and write
|
||
|
5E5E000
|
stack
|
page read and write
|
||
|
579E000
|
stack
|
page read and write
|
||
|
1320000
|
heap
|
page read and write
|
||
|
1205000
|
heap
|
page read and write
|
||
|
36D2000
|
trusted library allocation
|
page read and write
|
||
|
55E4000
|
trusted library allocation
|
page read and write
|
||
|
35A5000
|
trusted library allocation
|
page read and write
|
||
|
1385000
|
heap
|
page read and write
|
||
|
13AB000
|
heap
|
page read and write
|
||
|
68AF000
|
stack
|
page read and write
|
||
|
5BF0000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B08000
|
heap
|
page read and write
|
||
|
1867000
|
trusted library allocation
|
page execute and read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
6490000
|
trusted library allocation
|
page execute and read and write
|
||
|
4615000
|
trusted library allocation
|
page read and write
|
||
|
1880000
|
trusted library allocation
|
page read and write
|
||
|
59C6000
|
trusted library allocation
|
page read and write
|
||
|
67AF000
|
stack
|
page read and write
|
||
|
7D12000
|
trusted library allocation
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
1846000
|
trusted library allocation
|
page execute and read and write
|
||
|
761E000
|
heap
|
page read and write
|
||
|
35A7000
|
trusted library allocation
|
page read and write
|
||
|
6AAE000
|
stack
|
page read and write
|
||
|
66AE000
|
stack
|
page read and write
|
||
|
5D00000
|
heap
|
page read and write
|
||
|
6544000
|
heap
|
page read and write
|
||
|
523E000
|
stack
|
page read and write
|
||
|
55F0000
|
trusted library allocation
|
page read and write
|
||
|
1C50000
|
heap
|
page execute and read and write
|
||
|
5C70000
|
trusted library section
|
page readonly
|
||
|
6500000
|
heap
|
page read and write
|
||
|
55FF000
|
trusted library allocation
|
page read and write
|
||
|
15C4000
|
trusted library allocation
|
page read and write
|
||
|
35A1000
|
trusted library allocation
|
page read and write
|
||
|
55AB000
|
trusted library allocation
|
page read and write
|
||
|
1088000
|
stack
|
page read and write
|
||
|
59B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
1210000
|
heap
|
page read and write
|
||
|
5B29000
|
heap
|
page read and write
|
||
|
36BD000
|
trusted library allocation
|
page read and write
|
||
|
55A0000
|
trusted library allocation
|
page read and write
|
||
|
15B3000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F7E000
|
stack
|
page read and write
|
||
|
645E000
|
stack
|
page read and write
|
||
|
10FB000
|
stack
|
page read and write
|
||
|
1F9E000
|
stack
|
page read and write
|
||
|
17EE000
|
stack
|
page read and write
|
||
|
6460000
|
heap
|
page read and write
|
||
|
1D7D000
|
stack
|
page read and write
|
||
|
2050000
|
heap
|
page read and write
|
||
|
15DA000
|
trusted library allocation
|
page execute and read and write
|
||
|
15D0000
|
trusted library allocation
|
page read and write
|
||
|
5BD0000
|
heap
|
page execute and read and write
|
||
|
1890000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B2D000
|
stack
|
page read and write
|
||
|
D10000
|
unkown
|
page readonly
|
||
|
12BA000
|
heap
|
page read and write
|
||
|
184A000
|
trusted library allocation
|
page execute and read and write
|
||
|
6528000
|
heap
|
page read and write
|
||
|
1830000
|
trusted library allocation
|
page read and write
|
||
|
1D80000
|
trusted library allocation
|
page read and write
|
||
|
1395000
|
heap
|
page read and write
|
||
|
5C6C000
|
stack
|
page read and write
|
||
|
D12000
|
unkown
|
page readonly
|
||
|
5605000
|
trusted library allocation
|
page read and write
|
||
|
36B5000
|
trusted library allocation
|
page read and write
|
||
|
65AE000
|
stack
|
page read and write
|
||
|
57A0000
|
trusted library section
|
page read and write
|
||
|
1D86000
|
trusted library allocation
|
page read and write
|
||
|
4611000
|
trusted library allocation
|
page read and write
|
||
|
94E0000
|
trusted library allocation
|
page read and write
|
||
|
5E9E000
|
stack
|
page read and write
|
||
|
15EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
5BAE000
|
stack
|
page read and write
|
||
|
9560000
|
trusted library allocation
|
page read and write
|
||
|
14D7000
|
heap
|
page read and write
|
||
|
36B8000
|
trusted library allocation
|
page read and write
|
||
|
5842000
|
trusted library allocation
|
page read and write
|
||
|
5749000
|
trusted library allocation
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
36C6000
|
trusted library allocation
|
page read and write
|
||
|
3134000
|
trusted library allocation
|
page read and write
|
||
|
2010000
|
trusted library allocation
|
page read and write
|
||
|
55CD000
|
trusted library allocation
|
page read and write
|
||
|
12F3000
|
heap
|
page read and write
|
||
|
5B1D000
|
heap
|
page read and write
|
||
|
5610000
|
trusted library allocation
|
page read and write
|
||
|
15A0000
|
trusted library allocation
|
page read and write
|
||
|
5B19000
|
heap
|
page read and write
|
||
|
15BD000
|
trusted library allocation
|
page execute and read and write
|
||
|
55C6000
|
trusted library allocation
|
page read and write
|
||
|
35A3000
|
trusted library allocation
|
page read and write
|
||
|
12E5000
|
heap
|
page read and write
|
||
|
11F7000
|
stack
|
page read and write
|
||
|
15E2000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
3236000
|
trusted library allocation
|
page read and write
|
||
|
1591000
|
heap
|
page read and write
|
||
|
1E9E000
|
stack
|
page read and write
|
||
|
36C9000
|
trusted library allocation
|
page read and write
|
||
|
15D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
5B21000
|
heap
|
page read and write
|
||
|
5C00000
|
trusted library allocation
|
page read and write
|
||
|
1862000
|
trusted library allocation
|
page read and write
|
||
|
1650000
|
heap
|
page read and write
|
||
|
5844000
|
trusted library allocation
|
page read and write
|
||
|
1D90000
|
heap
|
page read and write
|
||
|
5B6E000
|
stack
|
page read and write
|
||
|
5820000
|
trusted library allocation
|
page read and write
|
||
|
69AF000
|
stack
|
page read and write
|
||
|
12DB000
|
heap
|
page read and write
|
||
|
780F000
|
stack
|
page read and write
|
||
|
1200000
|
heap
|
page read and write
|
||
|
182D000
|
stack
|
page read and write
|
||
|
64EE000
|
stack
|
page read and write
|
||
|
16EE000
|
stack
|
page read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
5870000
|
heap
|
page execute and read and write
|
||
|
21FF000
|
stack
|
page read and write
|
||
|
1627000
|
heap
|
page read and write
|
||
|
186B000
|
trusted library allocation
|
page execute and read and write
|
||
|
55BE000
|
trusted library allocation
|
page read and write
|
||
|
2F80000
|
trusted library allocation
|
page execute and read and write
|
||
|
14A8000
|
heap
|
page read and write
|
||
|
5743000
|
trusted library allocation
|
page read and write
|
||
|
15E0000
|
trusted library allocation
|
page read and write
|
||
|
5585000
|
trusted library allocation
|
page read and write
|
||
|
6520000
|
heap
|
page read and write
|
||
|
1630000
|
heap
|
page read and write
|
||
|
15CD000
|
trusted library allocation
|
page execute and read and write
|
There are 189 hidden memdumps, click here to show them.