IOC Report
file.exe


Files

File Path | Type | Category | Malicious
file.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\ProgramData\AAFIDGCFHIEHJJJJECAKKJDBAF | SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6 | dropped |
C:\ProgramData\BAAFIJKK | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3 | dropped |
C:\ProgramData\BFIDGHDB | SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1 | dropped |
C:\ProgramData\ECGDBAEHIJKKFHIEGCBGCAFIJJ | SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7 | dropped |
C:\ProgramData\EGIIJDHC | SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1 | dropped |
C:\ProgramData\EHIJDHCAKKFCBGCBAAEC | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1 | dropped |
C:\ProgramData\GIJKKKFC | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8 | dropped |
C:\ProgramData\IDHIIJJJKEGIDGCBAFIJ | SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2 | dropped |
C:\ProgramData\IDHIIJJJKEGI\freebl3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\ProgramData\IDHIIJJJKEGI\mozglue.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\ProgramData\IDHIIJJJKEGI\msvcp140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\ProgramData\IDHIIJJJKEGI\nss3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\ProgramData\IDHIIJJJKEGI\softokn3.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\ProgramData\IDHIIJJJKEGI\vcruntime140.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_58cbbdabe4c24a5e12620d3d2ad4d716cc762a1_df623e3f_8c5bfa1b-689e-47c3-9a33-2235ea871181\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDEA8.tmp.dmp | Mini DuMP crash report, 14 streams, Tue Apr 23 19:43:54 2024, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDF55.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDF94.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\sqln[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\76561199677575543[1].htm | HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\freebl3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\mozglue[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\msvcp140[1].dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\nss3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\softokn3[1].dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\vcruntime140[1].dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows | dropped |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped |

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\file.exe | "C:\Users\user\Desktop\file.exe" | malicious
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | malicious
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 356 |

URLs

Name | IP | Malicious

Domains

Name | IP | Malicious
steamcommunity.com | 23.47.27.74 |

IPs

IP | Domain | Country | Malicious
95.217.244.99 | unknown | Germany |
23.47.27.74 | steamcommunity.com | United States |

Registry

Path: \REGISTRY\A\{69b076dd-9788-e3a3-cd30-748f2a1432b2}\Root\InventoryApplicationFile\file.exe|5c6ea74fda3dfec0
Values: ProgramId, FileId, LowerCaseLongPath, LongPathHash, Name, OriginalFileName, Publisher, Version, BinFileVersion, BinaryType, ProductName, ProductVersion, LinkDate, BinProductVersion, AppxPackageFullName, AppxPackageRelativeId, Size, Language, Usn
Malicious: (not flagged)

Memdumps

Base Address | Regiontype | Protect | Malicious