Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
lCVFGKfczi.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_lCVFGKfczi.exe_dd6fc0a24c1ab7b4dde8979f3c28f822e740f212_5ff4b866_ea499fab-ca7d-4417-8dd7-5f26e4068e9c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MSBuild.exe_7d9f448d78fec3b9946c73ac6e84ff27254967c_027e51c2_10b3ea86-3d74-4b1d-ad98-bdc13251b496\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3616.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Oct 7 16:46:09 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3674.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER36A4.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9FAD.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Oct 7 16:46:37 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA413.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA443.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Users\user\AppData\Local\Temp\delays.tmp
|
ISO-8859 text, with very long lines (65536), with no line terminators
|
dropped
|
||
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\lCVFGKfczi.exe
|
"C:\Users\user\Desktop\lCVFGKfczi.exe"
|
||
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
||
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
||
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
||
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 276
|
||
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 1428
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
https://t.me/ae5ed
|
unknown
|
||
https://steamcommunity.com/profiles/76561199780418869
|
|||
http://lade.petperfectcare.com:80nfwqnfwovfdkhttps://steamcommunity.com/profiles/76561199780418869u5
|
unknown
|
||
https://t.me/ae5edu55uhttps://steamcommunity.com/profiles/76561199780418869sql.dllsqlp.dllMozilla/5.
|
unknown
|
||
http://lade.petperfectcare.com/
|
95.164.90.97
|
||
http://lade.petperfectcare.com:80e
|
unknown
|
||
http://lade.petperfectcare.com/f
|
unknown
|
||
http://lade.petperfectcare.com/c
|
unknown
|
||
http://cowod.hopto.org_DEBUG.zip/c
|
unknown
|
||
http://lade.petperfectcare.com:80t-Disposition:
|
unknown
|
||
http://lade.petperfectcare.com//(
|
unknown
|
||
http://lade.petperfectcare.com/4
|
unknown
|
||
http://lade.petperfectcare.com/T
|
unknown
|
||
http://upx.sf.net
|
unknown
|
||
http://lade.petperfectcare.com:80
|
unknown
|
||
http://lade.petperfectcare.com:80/sql.dllineID:
|
unknown
|
||
http://lade.petperfectcare.com:80/sql.dll
|
unknown
|
There are 7 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
lade.petperfectcare.com
|
95.164.90.97
|
||
bg.microsoft.map.fastly.net
|
199.232.214.172
|
||
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
95.164.90.97
|
lade.petperfectcare.com
|
Gibraltar
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
ProgramId
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
FileId
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
LowerCaseLongPath
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
LongPathHash
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
Name
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
OriginalFileName
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
Publisher
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
Version
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
BinFileVersion
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
BinaryType
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
ProductName
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
ProductVersion
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
LinkDate
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
BinProductVersion
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
AppxPackageFullName
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
AppxPackageRelativeId
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
Size
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
Language
|
||
\REGISTRY\A\{be887d4f-a646-77b4-d344-fe3839192276}\Root\InventoryApplicationFile\lcvfgkfczi.exe|68eb23f8e3da5e47
|
Usn
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
ProgramId
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
FileId
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
LowerCaseLongPath
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
LongPathHash
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
Name
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
OriginalFileName
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
Publisher
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
Version
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
BinFileVersion
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
BinaryType
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
ProductName
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
ProductVersion
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
LinkDate
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
BinProductVersion
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
AppxPackageFullName
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
AppxPackageRelativeId
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
Size
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
Language
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
IsOsComponent
|
||
\REGISTRY\A\{d352bbe1-c449-4b02-57e6-c182013ae8bf}\Root\InventoryApplicationFile\msbuild.exe|94596b7cc5f070ff
|
Usn
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
00188010B14E1677
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
There are 34 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
DED000
|
unkown
|
page read and write
|
||
400000
|
remote allocation
|
page execute and read and write
|
||
E7C000
|
stack
|
page read and write
|
||
110E000
|
stack
|
page read and write
|
||
17941000
|
heap
|
page read and write
|
||
DC0000
|
unkown
|
page readonly
|
||
178F9000
|
heap
|
page read and write
|
||
DED000
|
unkown
|
page write copy
|
||
5F0000
|
heap
|
page read and write
|
||
81AE000
|
stack
|
page read and write
|
||
178E0000
|
heap
|
page read and write
|
||
81E0000
|
heap
|
page read and write
|
||
1110000
|
heap
|
page read and write
|
||
1784C000
|
stack
|
page read and write
|
||
11F8000
|
heap
|
page read and write
|
||
1168000
|
heap
|
page read and write
|
||
81E7000
|
heap
|
page read and write
|
||
17943000
|
heap
|
page read and write
|
||
8150000
|
heap
|
page read and write
|
||
14FBF000
|
stack
|
page read and write
|
||
DC1000
|
unkown
|
page execute read
|
||
1160000
|
heap
|
page read and write
|
||
4B3000
|
remote allocation
|
page execute and read and write
|
||
4F0000
|
remote allocation
|
page execute and read and write
|
||
570000
|
heap
|
page read and write
|
||
48F000
|
remote allocation
|
page execute and read and write
|
||
104BF000
|
stack
|
page read and write
|
||
17909000
|
heap
|
page read and write
|
||
E4F000
|
unkown
|
page read and write
|
||
656000
|
remote allocation
|
page execute and read and write
|
||
580000
|
heap
|
page read and write
|
||
176AE000
|
stack
|
page read and write
|
||
53D000
|
stack
|
page read and write
|
||
1793C000
|
heap
|
page read and write
|
||
115D000
|
stack
|
page read and write
|
||
17850000
|
heap
|
page read and write
|
||
11DB000
|
heap
|
page read and write
|
||
467000
|
remote allocation
|
page execute and read and write
|
||
11AB000
|
heap
|
page read and write
|
||
F72000
|
stack
|
page read and write
|
||
463000
|
remote allocation
|
page execute and read and write
|
||
5FE000
|
heap
|
page read and write
|
||
43D000
|
stack
|
page read and write
|
||
1795B000
|
heap
|
page read and write
|
||
DE3000
|
unkown
|
page readonly
|
||
56B000
|
remote allocation
|
page execute and read and write
|
||
8BF000
|
stack
|
page read and write
|
||
81EE000
|
heap
|
page read and write
|
||
17952000
|
heap
|
page read and write
|
||
F7C000
|
stack
|
page read and write
|
||
5BDF000
|
stack
|
page read and write
|
||
DC1000
|
unkown
|
page execute read
|
||
178CE000
|
stack
|
page read and write
|
||
E4D000
|
unkown
|
page execute and read and write
|
||
811E000
|
stack
|
page read and write
|
||
4E6000
|
remote allocation
|
page execute and read and write
|
||
12A7D000
|
stack
|
page read and write
|
||
104FD000
|
stack
|
page read and write
|
||
FE0000
|
heap
|
page read and write
|
||
4EA000
|
remote allocation
|
page execute and read and write
|
||
1774B000
|
stack
|
page read and write
|
||
E50000
|
unkown
|
page readonly
|
||
670000
|
remote allocation
|
page execute and read and write
|
||
8FE000
|
stack
|
page read and write
|
||
DC0000
|
unkown
|
page readonly
|
||
1791B000
|
heap
|
page read and write
|
||
17AEE000
|
stack
|
page read and write
|
||
1500E000
|
stack
|
page read and write
|
||
1510F000
|
stack
|
page read and write
|
||
17945000
|
heap
|
page read and write
|
||
10C0000
|
heap
|
page read and write
|
||
5FA000
|
heap
|
page read and write
|
||
9FC0000
|
unclassified section
|
page read and write
|
||
11C5000
|
heap
|
page read and write
|
||
5CE000
|
stack
|
page read and write
|
||
46B000
|
remote allocation
|
page execute and read and write
|
||
550000
|
heap
|
page read and write
|
||
1516E000
|
stack
|
page read and write
|
||
E50000
|
unkown
|
page readonly
|
||
9EC0000
|
heap
|
page read and write
|
||
17947000
|
heap
|
page read and write
|
||
4EC000
|
remote allocation
|
page execute and read and write
|
||
1794A000
|
heap
|
page read and write
|
||
12A3D000
|
stack
|
page read and write
|
||
494000
|
remote allocation
|
page execute and read and write
|
||
178F0000
|
heap
|
page read and write
|
||
DE3000
|
unkown
|
page readonly
|
||
607000
|
heap
|
page read and write
|
||
9FF000
|
stack
|
page read and write
|
||
4D2000
|
remote allocation
|
page execute and read and write
|
There are 80 hidden memdumps, click here to show them.