Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_819e5e45b8a757e26ca9bd44e6d9284b79b3342d_a5cec3f2_7bb8070c-9130-4a1d-baf1-749a9c8025d0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER98F8.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Oct 11 03:35:26 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A31.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A61.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 1500
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.215.113.37/
|
185.215.113.37
|
|
|
|
http://185.215.113.37
|
unknown
|
|
|
|
http://185.215.113.37/e2b1563c6670f193.php
|
|
||
|
http://upx.sf.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.215.113.37
|
unknown
|
Portugal
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProgramId
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
FileId
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LongPathHash
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Name
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Publisher
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Version
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinaryType
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProductName
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
ProductVersion
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
LinkDate
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Size
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Language
|
|
|
|
\REGISTRY\A\{6c75e14c-d150-67ae-9b39-f0e9a0230354}\Root\InventoryApplicationFile\file.exe|ff8e65d6b06db8e5
|
Usn
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
F62000
|
unkown
|
page execute and read and write
|
|
|
|
C3E000
|
heap
|
page read and write
|
|
|
|
5010000
|
direct allocation
|
page read and write
|
|
|
|
F9A000
|
unkown
|
page execute and read and write
|
|
|
|
F01000
|
unkown
|
page execute and read and write
|
|
|
|
B84000
|
heap
|
page read and write
|
||
|
408E000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
C85000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
1D31F000
|
stack
|
page read and write
|
||
|
5160000
|
direct allocation
|
page execute and read and write
|
||
|
458E000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
4B90000
|
heap
|
page read and write
|
||
|
1D36D000
|
stack
|
page read and write
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
490F000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
13F5000
|
unkown
|
page execute and read and write
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
368E000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
3B8E000
|
stack
|
page read and write
|
||
|
F00000
|
unkown
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
C38000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
3DCF000
|
stack
|
page read and write
|
||
|
EC0000
|
direct allocation
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
114A000
|
unkown
|
page execute and read and write
|
||
|
3A0F000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
3F4E000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
3E0E000
|
stack
|
page read and write
|
||
|
4A8E000
|
stack
|
page read and write
|
||
|
340E000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
12E8000
|
unkown
|
page execute and read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
1D0DE000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
1D1DE000
|
stack
|
page read and write
|
||
|
2F4F000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
5150000
|
direct allocation
|
page execute and read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
354E000
|
stack
|
page read and write
|
||
|
4FD0000
|
heap
|
page read and write
|
||
|
46CE000
|
stack
|
page read and write
|
||
|
C0E000
|
stack
|
page read and write
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
504C000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
4A4F000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
33CF000
|
stack
|
page read and write
|
||
|
1D730000
|
trusted library allocation
|
page read and write
|
||
|
494E000
|
stack
|
page read and write
|
||
|
37CE000
|
stack
|
page read and write
|
||
|
15A4000
|
unkown
|
page execute and write copy
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
F85000
|
unkown
|
page execute and read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
1D5AE000
|
stack
|
page read and write
|
||
|
318E000
|
stack
|
page read and write
|
||
|
115E000
|
unkown
|
page execute and read and write
|
||
|
F88000
|
unkown
|
page execute and read and write
|
||
|
5160000
|
direct allocation
|
page execute and read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
3C8F000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
5170000
|
direct allocation
|
page execute and read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
EAE000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
A10000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4B8F000
|
stack
|
page read and write
|
||
|
1CF5F000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
390E000
|
stack
|
page read and write
|
||
|
38CF000
|
stack
|
page read and write
|
||
|
7B5000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
328F000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
B5E000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4FD0000
|
trusted library allocation
|
page read and write
|
||
|
1CE5E000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
404F000
|
stack
|
page read and write
|
||
|
454F000
|
stack
|
page read and write
|
||
|
ED0000
|
direct allocation
|
page execute and read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
C30000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
1D46C000
|
stack
|
page read and write
|
||
|
514F000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
F01000
|
unkown
|
page execute and write copy
|
||
|
444E000
|
stack
|
page read and write
|
||
|
418F000
|
stack
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
EEB000
|
heap
|
page read and write
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
41CE000
|
stack
|
page read and write
|
||
|
42CF000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
3F0F000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
1CF9E000
|
stack
|
page read and write
|
||
|
3CCE000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
1D21E000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
F8F000
|
unkown
|
page execute and read and write
|
||
|
304F000
|
stack
|
page read and write
|
||
|
3A4E000
|
stack
|
page read and write
|
||
|
EE0000
|
heap
|
page read and write
|
||
|
480E000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
1D4AE000
|
stack
|
page read and write
|
||
|
32CE000
|
stack
|
page read and write
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
15A3000
|
unkown
|
page execute and read and write
|
||
|
EC0000
|
direct allocation
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
47CF000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
CB3000
|
heap
|
page read and write
|
||
|
13C8000
|
unkown
|
page execute and read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
314F000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
EF0000
|
direct allocation
|
page execute and read and write
|
||
|
3B4F000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
430E000
|
stack
|
page read and write
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
440F000
|
stack
|
page read and write
|
||
|
1405000
|
unkown
|
page execute and write copy
|
||
|
F5A000
|
unkown
|
page execute and read and write
|
||
|
468F000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
5180000
|
direct allocation
|
page execute and read and write
|
||
|
6BC000
|
stack
|
page read and write
|
||
|
364F000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
C20000
|
direct allocation
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
1405000
|
unkown
|
page execute and read and write
|
||
|
EE7000
|
heap
|
page read and write
|
||
|
1D09F000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
B80000
|
heap
|
page read and write
|
||
|
16AE000
|
stack
|
page read and write
|
||
|
CA6000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
13ED000
|
unkown
|
page execute and read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
C97000
|
heap
|
page read and write
|
||
|
F00000
|
unkown
|
page readonly
|
||
|
350F000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
E2F000
|
stack
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
4B91000
|
heap
|
page read and write
|
||
|
E6B000
|
stack
|
page read and write
|
||
|
4BA0000
|
heap
|
page read and write
|
||
|
378F000
|
stack
|
page read and write
|
||
|
B84000
|
heap
|
page read and write
|
||
|
1406000
|
unkown
|
page execute and write copy
|
There are 219 hidden memdumps, click here to show them.