Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
HDDScan.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_HDDScan.exe_ea76cdead1d43b14caecbb56706fddae3cce72_2ee009fe_89fc0316-4654-4def-96d8-ca5193bfe192\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA724.tmp.dmp
|
Mini DuMP crash report, 15 streams, Thu Mar 28 21:23:57 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA800.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA820.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\HDDScan.exe
|
"C:\Users\user\Desktop\HDDScan.exe"
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 596
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://hddscan.com/dfgkjdfg435egdvkjdv
|
unknown
|
||
|
http://hddscan.comopen
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://hddscan.ruopenj
|
unknown
|
||
|
http://www.bsalsa.com/
|
unknown
|
||
|
http://www.hddscan.com
|
unknown
|
||
|
http://bsalsa.com/
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
ProgramId
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
FileId
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
LongPathHash
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
Name
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
OriginalFileName
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
Publisher
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
Version
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
BinFileVersion
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
BinaryType
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
ProductName
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
ProductVersion
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
LinkDate
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
BinProductVersion
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
Size
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
Language
|
||
|
\REGISTRY\A\{2546e36e-37a3-808e-0c91-bd64cbfbc15b}\Root\InventoryApplicationFile\hddscan.exe|d36eed72efe80e48
|
Usn
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2893000
|
direct allocation
|
page read and write
|
||
|
C6E000
|
stack
|
page read and write
|
||
|
D45000
|
heap
|
page read and write
|
||
|
276F000
|
stack
|
page read and write
|
||
|
890000
|
unkown
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
395C000
|
heap
|
page read and write
|
||
|
D16000
|
heap
|
page read and write
|
||
|
D2C000
|
heap
|
page read and write
|
||
|
D58000
|
heap
|
page read and write
|
||
|
D32000
|
heap
|
page read and write
|
||
|
3220000
|
heap
|
page read and write
|
||
|
3761000
|
heap
|
page read and write
|
||
|
27E9000
|
direct allocation
|
page read and write
|
||
|
2F50000
|
heap
|
page read and write
|
||
|
288C000
|
direct allocation
|
page read and write
|
||
|
3750000
|
heap
|
page read and write
|
||
|
89C000
|
unkown
|
page write copy
|
||
|
CC0000
|
direct allocation
|
page execute and read and write
|
||
|
3760000
|
heap
|
page read and write
|
||
|
3756000
|
heap
|
page read and write
|
||
|
D24000
|
heap
|
page read and write
|
||
|
D51000
|
heap
|
page read and write
|
||
|
4E80000
|
trusted library allocation
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
289A000
|
direct allocation
|
page read and write
|
||
|
CDA000
|
heap
|
page read and write
|
||
|
2844000
|
direct allocation
|
page read and write
|
||
|
27D1000
|
direct allocation
|
page read and write
|
||
|
D51000
|
heap
|
page read and write
|
||
|
8A5000
|
unkown
|
page readonly
|
||
|
D4C000
|
heap
|
page read and write
|
||
|
29D3000
|
heap
|
page read and write
|
||
|
D4F000
|
heap
|
page read and write
|
||
|
28DB000
|
heap
|
page read and write
|
||
|
3754000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page read and write
|
||
|
2817000
|
direct allocation
|
page read and write
|
||
|
596E000
|
direct allocation
|
page read and write
|
||
|
28A1000
|
direct allocation
|
page read and write
|
||
|
9CF000
|
unkown
|
page readonly
|
||
|
D4F000
|
heap
|
page read and write
|
||
|
D4F000
|
heap
|
page read and write
|
||
|
2BC0000
|
heap
|
page read and write
|
||
|
284B000
|
direct allocation
|
page read and write
|
||
|
30FE000
|
stack
|
page read and write
|
||
|
5934000
|
direct allocation
|
page read and write
|
||
|
9E1000
|
unkown
|
page readonly
|
||
|
2770000
|
direct allocation
|
page read and write
|
||
|
D28000
|
heap
|
page read and write
|
||
|
87F000
|
unkown
|
page execute read
|
||
|
D51000
|
heap
|
page read and write
|
||
|
56CC000
|
direct allocation
|
page read and write
|
||
|
898000
|
unkown
|
page read and write
|
||
|
283C000
|
direct allocation
|
page read and write
|
||
|
2852000
|
direct allocation
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
30AF000
|
stack
|
page read and write
|
||
|
D58000
|
heap
|
page read and write
|
||
|
593B000
|
direct allocation
|
page read and write
|
||
|
27E0000
|
direct allocation
|
page read and write
|
||
|
56C8000
|
direct allocation
|
page read and write
|
||
|
4E00000
|
trusted library allocation
|
page read and write
|
||
|
D4C000
|
heap
|
page read and write
|
||
|
5A3B000
|
heap
|
page read and write
|
||
|
281E000
|
direct allocation
|
page read and write
|
||
|
3751000
|
heap
|
page read and write
|
||
|
287D000
|
direct allocation
|
page read and write
|
||
|
56D0000
|
direct allocation
|
page read and write
|
||
|
3793000
|
heap
|
page read and write
|
||
|
28D6000
|
heap
|
page read and write
|
||
|
27E2000
|
direct allocation
|
page read and write
|
||
|
27D8000
|
direct allocation
|
page read and write
|
||
|
56CE000
|
direct allocation
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
27FF000
|
direct allocation
|
page read and write
|
||
|
27C9000
|
direct allocation
|
page read and write
|
||
|
56C2000
|
direct allocation
|
page read and write
|
||
|
CF4000
|
heap
|
page read and write
|
||
|
3755000
|
heap
|
page read and write
|
||
|
A1A000
|
unkown
|
page readonly
|
||
|
279A000
|
direct allocation
|
page read and write
|
||
|
5766000
|
direct allocation
|
page read and write
|
||
|
D38000
|
heap
|
page read and write
|
||
|
2807000
|
direct allocation
|
page read and write
|
||
|
D52000
|
heap
|
page read and write
|
||
|
2775000
|
direct allocation
|
page read and write
|
||
|
27F0000
|
direct allocation
|
page read and write
|
||
|
89C000
|
unkown
|
page read and write
|
||
|
594C000
|
direct allocation
|
page read and write
|
||
|
ECF000
|
stack
|
page read and write
|
||
|
3751000
|
heap
|
page read and write
|
||
|
592B000
|
direct allocation
|
page read and write
|
||
|
D02000
|
heap
|
page read and write
|
||
|
56CA000
|
direct allocation
|
page read and write
|
||
|
2834000
|
direct allocation
|
page read and write
|
||
|
7FE00000
|
direct allocation
|
page read and write
|
||
|
D34000
|
heap
|
page read and write
|
||
|
2787000
|
direct allocation
|
page read and write
|
||
|
2FAE000
|
stack
|
page read and write
|
||
|
975000
|
unkown
|
page readonly
|
||
|
886000
|
unkown
|
page read and write
|
||
|
5A3F000
|
heap
|
page read and write
|
||
|
576D000
|
direct allocation
|
page read and write
|
||
|
D21000
|
heap
|
page read and write
|
||
|
894000
|
unkown
|
page read and write
|
||
|
D41000
|
heap
|
page read and write
|
||
|
4DA0000
|
heap
|
page read and write
|
||
|
D4F000
|
heap
|
page read and write
|
||
|
886000
|
unkown
|
page write copy
|
||
|
3964000
|
heap
|
page read and write
|
||
|
56C4000
|
direct allocation
|
page read and write
|
||
|
2792000
|
direct allocation
|
page read and write
|
||
|
282D000
|
direct allocation
|
page read and write
|
||
|
987000
|
unkown
|
page readonly
|
||
|
198000
|
stack
|
page read and write
|
||
|
9BD000
|
unkown
|
page readonly
|
||
|
B55000
|
heap
|
page read and write
|
||
|
5757000
|
direct allocation
|
page read and write
|
||
|
D52000
|
heap
|
page read and write
|
||
|
D24000
|
heap
|
page read and write
|
||
|
CB0000
|
heap
|
page read and write
|
||
|
29D0000
|
heap
|
page read and write
|
||
|
27DE000
|
direct allocation
|
page read and write
|
||
|
D3D000
|
heap
|
page read and write
|
||
|
56C6000
|
direct allocation
|
page read and write
|
||
|
31FF000
|
stack
|
page read and write
|
||
|
27F3000
|
direct allocation
|
page read and write
|
||
|
D47000
|
heap
|
page read and write
|
||
|
3210000
|
heap
|
page read and write
|
||
|
277C000
|
direct allocation
|
page read and write
|
||
|
AF0000
|
heap
|
page read and write
|
||
|
88C000
|
unkown
|
page read and write
|
||
|
D4F000
|
heap
|
page read and write
|
||
|
CD0000
|
heap
|
page read and write
|
||
|
28A8000
|
direct allocation
|
page read and write
|
||
|
2884000
|
direct allocation
|
page read and write
|
||
|
888000
|
unkown
|
page read and write
|
||
|
56C0000
|
direct allocation
|
page read and write
|
||
|
27B3000
|
direct allocation
|
page read and write
|
||
|
CDE000
|
heap
|
page read and write
|
||
|
91000
|
stack
|
page read and write
|
||
|
2868000
|
direct allocation
|
page read and write
|
||
|
2860000
|
direct allocation
|
page read and write
|
||
|
D4A000
|
heap
|
page read and write
|
||
|
27DC000
|
direct allocation
|
page read and write
|
||
|
3755000
|
heap
|
page read and write
|
There are 138 hidden memdumps, click here to show them.