Files
| File Path | Type | Category | Malicious |
|---|---|---|---|
| Firefly.exe | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows | initial sample | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Firefly.exe_23b78092aee8f5761b43cd79acb5af5c33440ff_b5f3949a_8fbd4526-73f1-4a57-b4f6-8587215b046e\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER98EA.tmp.dmp | Mini DuMP crash report, 16 streams, Tue Apr 23 20:31:58 2024, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B3D.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B6D.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |
Processes
| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\Firefly.exe | "C:\Users\user\Desktop\Firefly.exe" | |
| C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 2352 -s 1056 | |
URLs
| Name | IP | Malicious |
|---|---|---|
| https://scriptblox.com/api/script/ | unknown | |
| http://upx.sf.net | unknown | |
| https://getwave.gg7/Assets/Images/Ads/LVAd.jpgYhttps://publisher.linkvertise.com/ac/1138912?/Assets/ | unknown | |
| https://ezgif.com/resizeX | unknown | |
| https://scriptblox.comCwindow.updateOptions( | unknown | |
| https://scriptblox.com/api/script/fetch?page=whttps://scriptblox.com/api/script/search?filters=free& | unknown | |
| https://thumbnails.roblox.com/v1/users/avatar-headshot?userIds=1&size=48x48&format=Png&isCircular=tr | unknown | |
Registry
| Path | Value | Malicious |
|---|---|---|
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | ProgramId | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | FileId | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | LowerCaseLongPath | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | LongPathHash | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | Name | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | OriginalFileName | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | Publisher | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | Version | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | BinFileVersion | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | BinaryType | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | ProductName | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | ProductVersion | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | LinkDate | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | BinProductVersion | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | AppxPackageFullName | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | AppxPackageRelativeId | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | Size | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | Language | |
| \REGISTRY\A\{90dfcf2d-c655-f564-5b20-313545768382}\Root\InventoryApplicationFile\firefly.exe\|8e529efe8ace255f | Usn | |
Memdumps