Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
file.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_819e5e45b8a757e26ca9bd44e6d9284b79b3342d_a5cec3f2_bd6d5ea6-705d-4af6-b2b9-a2e53a09d84c\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC47.tmp.dmp
|
Mini DuMP crash report, 14 streams, Fri Oct 11 11:45:48 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD51.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDC0.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\file.exe
|
"C:\Users\user\Desktop\file.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 1460
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.215.113.37/
|
185.215.113.37
|
|
|
|
http://185.215.113.37/t
|
unknown
|
|
|
|
http://185.215.113.37/5
|
unknown
|
|
|
|
http://185.215.113.37
|
unknown
|
|
|
|
http://185.215.113.37/e2b1563c6670f193.php
|
|
||
|
http://upx.sf.net
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.215.113.37
|
unknown
|
Portugal
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
ProgramId
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
FileId
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
LowerCaseLongPath
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
LongPathHash
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Name
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
OriginalFileName
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Publisher
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Version
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
BinFileVersion
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
BinaryType
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
ProductName
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
ProductVersion
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
LinkDate
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
BinProductVersion
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
AppxPackageFullName
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
AppxPackageRelativeId
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Size
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Language
|
|
|
|
\REGISTRY\A\{d2deece2-1c0c-62a9-783f-23400904a681}\Root\InventoryApplicationFile\file.exe|7bc5a156b3ccd649
|
Usn
|
|
There are 9 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
331000
|
unkown
|
page execute and read and write
|
|
|
|
4CE0000
|
direct allocation
|
page read and write
|
|
|
|
3CA000
|
unkown
|
page execute and read and write
|
|
|
|
392000
|
unkown
|
page execute and read and write
|
|
|
|
DDE000
|
heap
|
page read and write
|
|
|
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4960000
|
trusted library allocation
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
4E90000
|
direct allocation
|
page execute and read and write
|
||
|
1CDEE000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
3E5F000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
3ADE000
|
stack
|
page read and write
|
||
|
1CDAF000
|
stack
|
page read and write
|
||
|
31DF000
|
stack
|
page read and write
|
||
|
425E000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
E52000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
E55000
|
heap
|
page read and write
|
||
|
475E000
|
stack
|
page read and write
|
||
|
3C1E000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
DD0000
|
heap
|
page read and write
|
||
|
111F000
|
stack
|
page read and write
|
||
|
3D5E000
|
stack
|
page read and write
|
||
|
7F8000
|
unkown
|
page execute and read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
1CF2E000
|
stack
|
page read and write
|
||
|
837000
|
unkown
|
page execute and write copy
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
435F000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
C6C000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
2B9F000
|
stack
|
page read and write
|
||
|
411E000
|
stack
|
page read and write
|
||
|
461E000
|
stack
|
page read and write
|
||
|
4E30000
|
direct allocation
|
page execute and read and write
|
||
|
3F9F000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
321E000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
E22000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
D65000
|
stack
|
page read and write
|
||
|
395F000
|
stack
|
page read and write
|
||
|
3FDE000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
38A000
|
unkown
|
page execute and read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
2F5F000
|
stack
|
page read and write
|
||
|
4880000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
827000
|
unkown
|
page execute and read and write
|
||
|
E37000
|
heap
|
page read and write
|
||
|
D6F000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4E80000
|
direct allocation
|
page execute and read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
3D1F000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
349E000
|
stack
|
page read and write
|
||
|
330000
|
unkown
|
page readonly
|
||
|
2A90000
|
heap
|
page read and write
|
||
|
714000
|
unkown
|
page execute and read and write
|
||
|
421F000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
DA0000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
36DF000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
125F000
|
stack
|
page read and write
|
||
|
4D1C000
|
stack
|
page read and write
|
||
|
2BDC000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
359F000
|
stack
|
page read and write
|
||
|
4860000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
836000
|
unkown
|
page execute and read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
40DF000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
1CC6F000
|
stack
|
page read and write
|
||
|
1D333000
|
heap
|
page read and write
|
||
|
3B8000
|
unkown
|
page execute and read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4CC0000
|
heap
|
page read and write
|
||
|
399E000
|
stack
|
page read and write
|
||
|
4878000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
836000
|
unkown
|
page execute and write copy
|
||
|
4861000
|
heap
|
page read and write
|
||
|
3BDF000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
385E000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
331000
|
unkown
|
page execute and write copy
|
||
|
57A000
|
unkown
|
page execute and read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
2A60000
|
heap
|
page read and write
|
||
|
3BF000
|
unkown
|
page execute and read and write
|
||
|
1D450000
|
trusted library allocation
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
ED0000
|
heap
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
1D1BD000
|
stack
|
page read and write
|
||
|
4E1F000
|
stack
|
page read and write
|
||
|
1D02F000
|
stack
|
page read and write
|
||
|
4E60000
|
direct allocation
|
page execute and read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
35DE000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
FB0000
|
heap
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
44DE000
|
stack
|
page read and write
|
||
|
1D17D000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
3E9E000
|
stack
|
page read and write
|
||
|
309F000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4E50000
|
direct allocation
|
page execute and read and write
|
||
|
1CEEE000
|
stack
|
page read and write
|
||
|
4E40000
|
direct allocation
|
page execute and read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
449F000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
330000
|
unkown
|
page read and write
|
||
|
2F9E000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
45DF000
|
stack
|
page read and write
|
||
|
58E000
|
unkown
|
page execute and read and write
|
||
|
3A9F000
|
stack
|
page read and write
|
||
|
101E000
|
stack
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
371E000
|
stack
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
485F000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
115D000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
335E000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
2A97000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
9D8000
|
unkown
|
page execute and read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
30DE000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4CE0000
|
direct allocation
|
page read and write
|
||
|
2D1E000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
1D2BC000
|
stack
|
page read and write
|
||
|
3B5000
|
unkown
|
page execute and read and write
|
||
|
1CB6E000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
381F000
|
stack
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
E64000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
471F000
|
stack
|
page read and write
|
||
|
2E5E000
|
stack
|
page read and write
|
||
|
81E000
|
unkown
|
page execute and read and write
|
||
|
DDA000
|
heap
|
page read and write
|
||
|
1CCAE000
|
stack
|
page read and write
|
||
|
331F000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
9D9000
|
unkown
|
page execute and write copy
|
||
|
1D07E000
|
stack
|
page read and write
|
||
|
4E70000
|
direct allocation
|
page execute and read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
2E1F000
|
stack
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
439E000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
4E60000
|
direct allocation
|
page execute and read and write
|
||
|
345F000
|
stack
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
4861000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
2A9B000
|
heap
|
page read and write
|
||
|
DA4000
|
heap
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
2A70000
|
direct allocation
|
page read and write
|
||
|
2CDF000
|
stack
|
page read and write
|
There are 224 hidden memdumps, click here to show them.