Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_819e5e45b8a757e26ca9bd44e6d9284b79b3342d_a5cec3f2_cc731495-7ed1-4e80-ae92-d0ff6260b0e3\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1BD.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1FC.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER83.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Oct 11 02:45:14 2024, 0x1205a4 type
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 1496
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.215.113.37/p
|
unknown
|
|
|
|
http://185.215.113.37/
|
185.215.113.37
|
|
|
|
http://185.215.113.37
|
unknown
|
|
|
|
http://185.215.113.37/I
|
unknown
|
|
|
|
http://185.215.113.37/e2b1563c6670f193.php
|
|
||
|
http://185.215.113.37D
|
unknown
|
|
|
|
http://upx.sf.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.215.113.37
|
unknown
|
Portugal
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProgramId
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
FileId
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LongPathHash
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Name
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Publisher
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Version
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinaryType
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProductName
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProductVersion
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LinkDate
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Size
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Language
|
|
|
|
\REGISTRY\A\{5a671991-26fe-41df-408c-25ffd85b28ac}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Usn
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
154E000
|
heap
|
page read and write
|
|
|
|
AE1000
|
unkown
|
page execute and read and write
|
|
|
|
B7A000
|
unkown
|
page execute and read and write
|
|
|
|
52F0000
|
direct allocation
|
page read and write
|
|
|
|
4E71000
|
heap
|
page read and write
|
||
|
4D2F000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1480000
|
direct allocation
|
page read and write
|
||
|
332F000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
1D4AE000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
3CEF000
|
stack
|
page read and write
|
||
|
1D87F000
|
stack
|
page read and write
|
||
|
FD2000
|
unkown
|
page execute and read and write
|
||
|
B42000
|
unkown
|
page execute and read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1D5EF000
|
stack
|
page read and write
|
||
|
3FAE000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
31F0000
|
direct allocation
|
page execute and read and write
|
||
|
5430000
|
direct allocation
|
page execute and read and write
|
||
|
40EE000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
542F000
|
stack
|
page read and write
|
||
|
1480000
|
direct allocation
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
4BEF000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
496F000
|
stack
|
page read and write
|
||
|
1DA00000
|
trusted library allocation
|
page read and write
|
||
|
B6F000
|
unkown
|
page execute and read and write
|
||
|
482F000
|
stack
|
page read and write
|
||
|
1D4EE000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
37EF000
|
stack
|
page read and write
|
||
|
472E000
|
stack
|
page read and write
|
||
|
1D36E000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
322B000
|
heap
|
page read and write
|
||
|
98C000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1D73C000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
1480000
|
direct allocation
|
page read and write
|
||
|
1480000
|
direct allocation
|
page read and write
|
||
|
532B000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
46EF000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
D3E000
|
unkown
|
page execute and read and write
|
||
|
392E000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4AAF000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
15B2000
|
heap
|
page read and write
|
||
|
1480000
|
direct allocation
|
page read and write
|
||
|
AE0000
|
unkown
|
page read and write
|
||
|
FE0000
|
unkown
|
page execute and write copy
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
11A0000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
D2A000
|
unkown
|
page execute and read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
1590000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
3E2F000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
1593000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
4E90000
|
heap
|
page read and write
|
||
|
117E000
|
unkown
|
page execute and write copy
|
||
|
A8E000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
B65000
|
unkown
|
page execute and read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1480000
|
direct allocation
|
page read and write
|
||
|
5440000
|
direct allocation
|
page execute and read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
15B0000
|
heap
|
page read and write
|
||
|
190E000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
FA2000
|
unkown
|
page execute and read and write
|
||
|
436E000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
45AF000
|
stack
|
page read and write
|
||
|
117D000
|
unkown
|
page execute and read and write
|
||
|
41EF000
|
stack
|
page read and write
|
||
|
180F000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
FE0000
|
unkown
|
page execute and read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
4F70000
|
trusted library allocation
|
page read and write
|
||
|
1D22F000
|
stack
|
page read and write
|
||
|
31AF000
|
stack
|
page read and write
|
||
|
1D8E3000
|
heap
|
page read and write
|
||
|
1548000
|
heap
|
page read and write
|
||
|
5430000
|
direct allocation
|
page execute and read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1480000
|
direct allocation
|
page read and write
|
||
|
4E80000
|
heap
|
page read and write
|
||
|
382E000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
3A6F000
|
stack
|
page read and write
|
||
|
1D26E000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
14DE000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
40AF000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
36EE000
|
stack
|
page read and write
|
||
|
45EE000
|
stack
|
page read and write
|
||
|
446F000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
AE1000
|
unkown
|
page execute and write copy
|
||
|
346E000
|
stack
|
page read and write
|
||
|
3210000
|
direct allocation
|
page execute and read and write
|
||
|
44AE000
|
stack
|
page read and write
|
||
|
ECA000
|
unkown
|
page execute and read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
422E000
|
stack
|
page read and write
|
||
|
1480000
|
direct allocation
|
page read and write
|
||
|
1480000
|
direct allocation
|
page read and write
|
||
|
B3A000
|
unkown
|
page execute and read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
1530000
|
direct allocation
|
page read and write
|
||
|
143E000
|
stack
|
page read and write
|
||
|
31EE000
|
stack
|
page read and write
|
||
|
FE1000
|
unkown
|
page execute and write copy
|
||
|
1D12E000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
3D2E000
|
stack
|
page read and write
|
||
|
FC8000
|
unkown
|
page execute and read and write
|
||
|
3227000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4AEE000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
151C000
|
stack
|
page read and write
|
||
|
1480000
|
direct allocation
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
1D63D000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
15A6000
|
heap
|
page read and write
|
||
|
35AE000
|
stack
|
page read and write
|
||
|
3200000
|
direct allocation
|
page execute and read and write
|
||
|
1480000
|
direct allocation
|
page read and write
|
||
|
4E6F000
|
stack
|
page read and write
|
||
|
36AF000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1530000
|
direct allocation
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
3AAE000
|
stack
|
page read and write
|
||
|
396E000
|
stack
|
page read and write
|
||
|
AE0000
|
unkown
|
page readonly
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
B68000
|
unkown
|
page execute and read and write
|
||
|
A85000
|
stack
|
page read and write
|
||
|
15C2000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
3BAF000
|
stack
|
page read and write
|
||
|
49AE000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
342F000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1480000
|
direct allocation
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
356F000
|
stack
|
page read and write
|
||
|
4C2E000
|
stack
|
page read and write
|
||
|
1480000
|
direct allocation
|
page read and write
|
||
|
3F6F000
|
stack
|
page read and write
|
||
|
4D6E000
|
stack
|
page read and write
|
||
|
432F000
|
stack
|
page read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
11F0000
|
heap
|
page read and write
|
||
|
1D3AE000
|
stack
|
page read and write
|
||
|
52B0000
|
heap
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
||
|
1D77D000
|
stack
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
1480000
|
direct allocation
|
page read and write
|
||
|
4E77000
|
heap
|
page read and write
|
||
|
3E6E000
|
stack
|
page read and write
|
||
|
3BEE000
|
stack
|
page read and write
|
||
|
5450000
|
direct allocation
|
page execute and read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
4E71000
|
heap
|
page read and write
|
||
|
147E000
|
stack
|
page read and write
|
||
|
486E000
|
stack
|
page read and write
|
||
|
1494000
|
heap
|
page read and write
|
There are 225 hidden memdumps, click here to show them.