IOC Report
fxc.exe

loading gif

Files

File Path
Type
Category
Malicious
fxc.exe
PE32+ executable (GUI) x86-64, for MS Windows
initial sample
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_fxc.exe_d5c59118b01e5ac2e9fe2cdeb3cf1adce977e24e_6f60c9ae_8b4724b5-c86e-4711-b290-a9b5b2b0ec6d\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\Temp\WER70B6.tmp.dmp
Mini DuMP crash report, 15 streams, Thu Oct 24 10:06:57 2024, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7105.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7135.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Windows\appcompat\Programs\Amcache.hve
MS Windows registry file, NT/2000 or above
dropped
C:\Windows\debug\fail.txt
ASCII text, with no line terminators
dropped
C:\Windows\debug\stop.exe
ASCII text, with no line terminators
dropped

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\fxc.exe
"C:\Users\user\Desktop\fxc.exe"
malicious
C:\Windows\System32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7312 -s 232

URLs

Name
IP
Malicious
http://upx.sf.net
unknown

Registry

Path
Value
Malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
ProgramId
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
FileId
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
LowerCaseLongPath
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
LongPathHash
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
Name
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
OriginalFileName
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
Publisher
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
Version
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
BinFileVersion
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
BinaryType
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
ProductName
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
ProductVersion
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
LinkDate
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
BinProductVersion
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
AppxPackageFullName
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
AppxPackageRelativeId
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
Size
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
Language
malicious
\REGISTRY\A\{c55adf4a-0f07-3062-f7c7-e92cfe731cef}\Root\InventoryApplicationFile\fxc.exe|33b5bd023e334cc
Usn
malicious
There are 9 hidden registries, click here to show them.

Memdumps

Base Address
Regiontype
Protect
Malicious
1D93B39C000
heap
page read and write
1D93B5E0000
heap
page read and write
7FF7BC1F1000
unkown
page execute read
47619DC000
stack
page read and write
4761CFE000
stack
page read and write
1D93B300000
heap
page read and write
4761DFE000
stack
page read and write
1D93B390000
heap
page read and write
7FF7BC23F000
unkown
page readonly
7FF7BC23F000
unkown
page readonly
7FF7BC1F0000
unkown
page readonly
7FF7BC229000
unkown
page readonly
1D93B320000
heap
page read and write
7FF7BC23D000
unkown
page read and write
7FF7BC23D000
unkown
page write copy
7FF7BC1F0000
unkown
page readonly
1D93B220000
heap
page read and write
7FF7BC229000
unkown
page readonly
7FF7BC1F1000
unkown
page execute read
There are 9 hidden memdumps, click here to show them.