Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
Setup.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Setup.exe_Micros_f154a420552aadfd6edff887bcf8cd9d2c902934_d4e2a79c_4268ced3-467b-466a-a0fa-08bb7222a531\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF493.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Oct 7 04:44:53 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF59E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF5BE.tmp.xml
|
XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
|
dropped
|
||
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\Setup.exe
|
"C:\Users\user\Desktop\Setup.exe"
|
||
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
||
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 636
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://steamcommunity.com/profiles/76561199724331900
|
104.102.49.254
|
||
licendfilteo.site
|
|||
studennotediw.stor
|
|||
methodbojjewkl.shop
|
|||
https://steamcommunity.com/profiles/76561199724331900/inventory/
|
unknown
|
||
https://methodbojjewkl.shop/api
|
104.21.55.124
|
||
spirittunek.stor
|
|||
bathdoomgaz.stor
|
|||
dissapoiznw.stor
|
|||
eaglepawnoy.stor
|
|||
https://sergei-esenin.com/api
|
104.21.53.8
|
||
clearancek.site
|
|||
mobbipenju.stor
|
|||
https://steamcommunity.com/profiles/76561199724331900/badges
|
unknown
|
||
https://methodbojjewkl.shop/I1
|
unknown
|
||
https://mobbipenju.store/u
|
unknown
|
||
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
https://sergei-esenin.com/
|
unknown
|
||
http://upx.sf.net
|
unknown
|
||
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
|
unknown
|
||
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
|
unknown
|
||
https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
|
unknown
|
||
https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
|
unknown
|
||
https://sergei-esenin.com:443/apifiles/76561199724331900
|
unknown
|
||
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
|
unknown
|
||
https://mobbipenju.store/api
|
unknown
|
||
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
|
unknown
|
||
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
|
unknown
|
||
https://spirittunek.store/apiie
|
unknown
|
||
http://store.steampowered.com/account/cookiepreferences/
|
unknown
|
||
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTz
|
unknown
|
||
https://mobbipenju.store/e
|
unknown
|
||
https://store.steampowered.com/legal/
|
unknown
|
||
https://sergei-esenin.com/api6
|
unknown
|
There are 25 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
methodbojjewkl.shop
|
104.21.55.124
|
||
sergei-esenin.com
|
104.21.53.8
|
||
licendfilteo.site
|
unknown
|
||
clearancek.site
|
unknown
|
||
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
steamcommunity.com
|
104.102.49.254
|
||
s-part-0036.t-0009.t-msedge.net
|
13.107.246.64
|
||
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
||
eaglepawnoy.store
|
unknown
|
||
bathdoomgaz.store
|
unknown
|
||
spirittunek.store
|
unknown
|
||
studennotediw.store
|
unknown
|
||
mobbipenju.store
|
unknown
|
||
dissapoiznw.store
|
unknown
|
There are 4 hidden domains, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
104.21.53.8
|
sergei-esenin.com
|
United States
|
||
104.21.55.124
|
methodbojjewkl.shop
|
United States
|
||
104.102.49.254
|
steamcommunity.com
|
United States
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
ProgramId
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
FileId
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
LowerCaseLongPath
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
LongPathHash
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
Name
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
OriginalFileName
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
Publisher
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
Version
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
BinFileVersion
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
BinaryType
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
ProductName
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
ProductVersion
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
LinkDate
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
BinProductVersion
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
AppxPackageFullName
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
AppxPackageRelativeId
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
Size
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
Language
|
||
\REGISTRY\A\{cbbd026d-9b40-c4c3-2054-99cd20ac4c23}\Root\InventoryApplicationFile\setup.exe|22d58cc9f105fd09
|
Usn
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
928000
|
unkown
|
page read and write
|
||
400000
|
remote allocation
|
page execute and read and write
|
||
BD0000
|
heap
|
page read and write
|
||
10E0000
|
heap
|
page read and write
|
||
AFC000
|
stack
|
page read and write
|
||
E14000
|
heap
|
page read and write
|
||
12CA000
|
heap
|
page read and write
|
||
EFC000
|
stack
|
page read and write
|
||
299D000
|
stack
|
page read and write
|
||
BB0000
|
heap
|
page read and write
|
||
1040000
|
heap
|
page read and write
|
||
F6E000
|
stack
|
page read and write
|
||
CFF000
|
stack
|
page read and write
|
||
780000
|
heap
|
page read and write
|
||
12EB000
|
heap
|
page read and write
|
||
D70000
|
heap
|
page read and write
|
||
981000
|
unkown
|
page read and write
|
||
D8D000
|
heap
|
page read and write
|
||
284E000
|
stack
|
page read and write
|
||
983000
|
unkown
|
page readonly
|
||
983000
|
unkown
|
page readonly
|
||
980000
|
unkown
|
page execute and read and write
|
||
D3E000
|
stack
|
page read and write
|
||
2F6F000
|
stack
|
page read and write
|
||
2890000
|
heap
|
page read and write
|
||
DB1000
|
heap
|
page read and write
|
||
E1B000
|
heap
|
page read and write
|
||
900000
|
unkown
|
page readonly
|
||
2E6E000
|
stack
|
page read and write
|
||
274D000
|
stack
|
page read and write
|
||
45E000
|
remote allocation
|
page execute and read and write
|
||
BF5000
|
heap
|
page read and write
|
||
D78000
|
heap
|
page read and write
|
||
7CE000
|
stack
|
page read and write
|
||
900000
|
unkown
|
page readonly
|
||
91E000
|
unkown
|
page readonly
|
||
E39000
|
heap
|
page read and write
|
||
B3C000
|
stack
|
page read and write
|
||
71C000
|
stack
|
page read and write
|
||
901000
|
unkown
|
page execute read
|
||
928000
|
unkown
|
page write copy
|
||
12C0000
|
heap
|
page read and write
|
||
1200000
|
heap
|
page read and write
|
||
2D1D000
|
stack
|
page read and write
|
||
BF0000
|
heap
|
page read and write
|
||
288D000
|
stack
|
page read and write
|
||
D9E000
|
heap
|
page read and write
|
||
2E1D000
|
stack
|
page read and write
|
||
BA0000
|
heap
|
page read and write
|
||
DB4000
|
heap
|
page read and write
|
||
901000
|
unkown
|
page execute read
|
||
12D9000
|
heap
|
page read and write
|
||
91E000
|
unkown
|
page readonly
|
||
7D0000
|
heap
|
page read and write
|
There are 44 hidden memdumps, click here to show them.