Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
.com.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\services.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmp5339.tmp
|
Zip archive data, at least v1.0 to extract, compression method=store
|
modified
|
|
|
|
C:\Users\user\AppData\Local\Temp\tmpF245.tmp
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
dropped
|
|
|
|
C:\Windows\java.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
dropped
|
|
|
|
C:\Windows\services.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_.com.exe_532a1c85ccf97a88b6c767898461e0aa5a7927b_c857d077_bd394482-40cb-47de-84be-3ef2afd40a7d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER72B1.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Mar 18 13:36:54 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER74A6.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER74E5.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmpF245.tmp:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\zincite.log
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
||
|
C:\Windows\java.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
There are 4 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\ .com.exe
|
C:\Users\user\Desktop\ .com.exe
|
|
|
|
C:\Windows\services.exe
|
C:\Windows\services.exe
|
|
|
|
C:\Windows\java.exe
|
"C:\Windows\java.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\services.exe
|
C:\Users\user\AppData\Local\Temp\services.exe
|
|
|
|
C:\Windows\services.exe
|
"C:\Windows\services.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 1188
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://southafrica.smartscreen.microsoft
|
unknown
|
||
|
http://www.altavista.com/web/results?q=%s&kgs=0&kls=0
|
unknown
|
||
|
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=%s
|
unknown
|
||
|
https://denmark.smartscre_
|
unknown
|
||
|
http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=%s&nbq=%dhttp://www.altavista.c
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://europe.dbgcreepp
|
unknown
|
||
|
http://search.lycos.com/default.asp?lpv=1&loc=searchhp&tab=web&query=%s
|
unknown
|
||
|
https://europe.d
|
unknown
|
||
|
http://search.yahoo.com/search?p=%s&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=
|
unknown
|
||
|
https://denmark.smartscre_curlrcom
|
unknown
|
||
|
https://unitedstates4.ss.wd.microsoft.us
|
unknown
|
||
|
https://southkoreregid.1991-06.com.microsoftza
|
unknown
|
||
|
https://unitedstates2.ss.wd.microsoft.us
|
unknown
|
||
|
https://unitedstates1.ss.wd.microsoft.us
|
unknown
|
There are 5 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
192.168.2.14
|
unknown
|
unknown
|
|
|
|
192.168.2.18
|
unknown
|
unknown
|
|
|
|
192.168.2.9
|
unknown
|
unknown
|
|
|
|
172.16.1.166
|
unknown
|
Reserved
|
||
|
10.0.2.15
|
unknown
|
unknown
|
||
|
172.16.1.4
|
unknown
|
Reserved
|
||
|
10.127.0.3
|
unknown
|
unknown
|
||
|
172.16.1.2
|
unknown
|
Reserved
|
||
|
172.16.1.104
|
unknown
|
Reserved
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
JavaVM
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
Services
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
ProgramId
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
FileId
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
LongPathHash
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
Name
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
OriginalFileName
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
Publisher
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
Version
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
BinFileVersion
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
BinaryType
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
ProductName
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
ProductVersion
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
LinkDate
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
BinProductVersion
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
Size
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
Language
|
||
|
\REGISTRY\A\{921936f7-72fe-01ed-64fb-295278aabe98}\Root\InventoryApplicationFile\ .com.exe|fb2a3c4c39346f59
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
|
Services
|
There are 16 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
501000
|
unkown
|
page execute and read and write
|
|
|
|
501000
|
unkown
|
page execute and read and write
|
|
|
|
21CC000
|
stack
|
page read and write
|
||
|
50F000
|
unkown
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
510000
|
unkown
|
page execute and read and write
|
||
|
65C000
|
stack
|
page read and write
|
||
|
842000
|
heap
|
page read and write
|
||
|
1E5000
|
heap
|
page read and write
|
||
|
4E0000
|
heap
|
page read and write
|
||
|
19B000
|
stack
|
page read and write
|
||
|
256E000
|
stack
|
page read and write
|
||
|
295E000
|
stack
|
page read and write
|
||
|
509000
|
unkown
|
page execute and write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
8E6000
|
heap
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
69E000
|
stack
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page write copy
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
888000
|
heap
|
page read and write
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
2A5F000
|
stack
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
8D1000
|
heap
|
page read and write
|
||
|
405000
|
unkown
|
page execute and write copy
|
||
|
400000
|
unkown
|
page readonly
|
||
|
59E000
|
stack
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
8E1000
|
heap
|
page read and write
|
||
|
510000
|
unkown
|
page execute and read and write
|
||
|
27EE000
|
stack
|
page read and write
|
||
|
26AE000
|
stack
|
page read and write
|
||
|
53E000
|
stack
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
221D000
|
stack
|
page read and write
|
||
|
50F000
|
unkown
|
page write copy
|
||
|
5A0000
|
heap
|
page read and write
|
||
|
602000
|
heap
|
page read and write
|
||
|
500000
|
unkown
|
page readonly
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
61A000
|
heap
|
page read and write
|
||
|
88E000
|
heap
|
page read and write
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
AFF000
|
stack
|
page read and write
|
||
|
8EE000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
90B000
|
heap
|
page read and write
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
405000
|
unkown
|
page execute and read and write
|
||
|
834000
|
heap
|
page read and write
|
||
|
510000
|
unkown
|
page execute and write copy
|
||
|
837000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
8E4000
|
heap
|
page read and write
|
||
|
828000
|
heap
|
page read and write
|
||
|
406000
|
unkown
|
page execute and write copy
|
||
|
53E000
|
stack
|
page read and write
|
||
|
901000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
405000
|
unkown
|
page execute and read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
65E000
|
heap
|
page read and write
|
||
|
50F000
|
unkown
|
page write copy
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
8E4000
|
heap
|
page read and write
|
||
|
7AF000
|
stack
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
61E000
|
heap
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page write copy
|
||
|
19D000
|
stack
|
page read and write
|
||
|
28EF000
|
stack
|
page read and write
|
||
|
8E2000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
405000
|
unkown
|
page execute and read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
AFF000
|
stack
|
page read and write
|
||
|
835000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
500000
|
unkown
|
page readonly
|
||
|
602000
|
heap
|
page read and write
|
||
|
8FC000
|
heap
|
page read and write
|
||
|
AFF000
|
stack
|
page read and write
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
2D1F000
|
stack
|
page read and write
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
509000
|
unkown
|
page execute and read and write
|
||
|
8EE000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
812000
|
heap
|
page read and write
|
||
|
400000
|
heap
|
page read and write
|
||
|
500000
|
unkown
|
page readonly
|
||
|
800000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
668000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
500000
|
unkown
|
page readonly
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
880000
|
heap
|
page read and write
|
||
|
27AF000
|
stack
|
page read and write
|
||
|
5DC000
|
stack
|
page read and write
|
||
|
82D000
|
heap
|
page read and write
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
8E4000
|
heap
|
page read and write
|
||
|
55D000
|
stack
|
page read and write
|
||
|
540000
|
heap
|
page read and write
|
||
|
4D0000
|
heap
|
page read and write
|
||
|
8E4000
|
heap
|
page read and write
|
||
|
2CDF000
|
stack
|
page read and write
|
||
|
8E4000
|
heap
|
page read and write
|
||
|
2A5F000
|
stack
|
page read and write
|
||
|
8ED000
|
heap
|
page read and write
|
||
|
1C0000
|
heap
|
page read and write
|
||
|
848000
|
heap
|
page read and write
|
||
|
812000
|
heap
|
page read and write
|
||
|
8E4000
|
heap
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
295E000
|
stack
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
8E4000
|
heap
|
page read and write
|
||
|
833000
|
heap
|
page read and write
|
||
|
8EF000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
83D000
|
heap
|
page read and write
|
||
|
509000
|
unkown
|
page execute and write copy
|
||
|
5FC000
|
stack
|
page read and write
|
||
|
407000
|
unkown
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
8E6000
|
heap
|
page read and write
|
||
|
80F000
|
stack
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
824000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
80A000
|
heap
|
page read and write
|
||
|
67C000
|
heap
|
page read and write
|
||
|
510000
|
unkown
|
page execute and write copy
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
50F000
|
unkown
|
page read and write
|
||
|
1E0000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
19D000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page read and write
|
||
|
901000
|
heap
|
page read and write
|
||
|
2C1E000
|
stack
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
863000
|
heap
|
page read and write
|
||
|
82C000
|
heap
|
page read and write
|
||
|
84C000
|
stack
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
8ED000
|
heap
|
page read and write
|
||
|
509000
|
unkown
|
page execute and read and write
|
||
|
90F000
|
stack
|
page read and write
|
||
|
812000
|
heap
|
page read and write
|
||
|
8FB000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
269F000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
8E8000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page write copy
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
901000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
55E000
|
stack
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
420000
|
heap
|
page read and write
|
||
|
27DC000
|
stack
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
8EB000
|
heap
|
page read and write
|
||
|
800000
|
heap
|
page read and write
|
||
|
2A9E000
|
stack
|
page read and write
|
||
|
50D000
|
unkown
|
page execute and read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
50D000
|
unkown
|
page execute and read and write
|
||
|
266F000
|
stack
|
page read and write
|
||
|
85E000
|
heap
|
page read and write
|
||
|
420000
|
heap
|
page read and write
|
||
|
407000
|
unkown
|
page read and write
|
||
|
854000
|
heap
|
page read and write
|
||
|
406000
|
unkown
|
page execute and write copy
|
||
|
405000
|
unkown
|
page execute and write copy
|
||
|
401000
|
unkown
|
page execute and read and write
|
||
|
406000
|
unkown
|
page execute and write copy
|
||
|
90B000
|
heap
|
page read and write
|
||
|
602000
|
heap
|
page read and write
|
||
|
610000
|
heap
|
page read and write
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
6A5000
|
heap
|
page read and write
|
||
|
8E4000
|
heap
|
page read and write
|
||
|
259E000
|
stack
|
page read and write
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
2BDE000
|
stack
|
page read and write
|
||
|
8E7000
|
heap
|
page read and write
|
||
|
405000
|
unkown
|
page execute and write copy
|
||
|
8D1000
|
heap
|
page read and write
|
There are 221 hidden memdumps, click here to show them.