IOC Report
Set-up.exe


Files

File Path | Type | Category | Malicious
Set-up.exe | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows | initial sample | malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_chrome.exe_6529d8499c11cd4f9e25b8c1dc6756637128dac_19d51899_4bbfac33-b74e-4b75-8964-52e4937cc66a\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_chrome.exe_6529d8499c11cd4f9e25b8c1dc6756637128dac_19d51899_ae4f23fe-4453-4c08-8e49-5ec9a4d99431\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_chrome.exe_6529d8499c11cd4f9e25b8c1dc6756637128dac_19d51899_da2a02b0-90a6-4a28-9c90-2e5bef4746ea\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_chrome.exe_653df720363a23f9fbf1c3440f42767b874ec_19d51899_5409b9b5-c318-4fb1-b93f-79ad37fbd536\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_chrome.exe_653df720363a23f9fbf1c3440f42767b874ec_19d51899_8e7d8957-4f25-4f86-92ca-b4478f3aa501\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_chrome.exe_653df720363a23f9fbf1c3440f42767b874ec_19d51899_b0903a45-bedb-4fc8-8d02-4a5e159b6a4a\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D82.tmp.dmp | Mini DuMP crash report, 14 streams, Sat May 10 06:05:36 2025, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3DE1.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3E5F.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER416A.tmp.dmp | Mini DuMP crash report, 14 streams, Sat May 10 06:05:37 2025, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER419A.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4208.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER502F.tmp.dmp | Mini DuMP crash report, 14 streams, Sat May 10 06:05:41 2025, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER506F.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER509F.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5281.tmp.dmp | Mini DuMP crash report, 14 streams, Sat May 10 06:05:42 2025, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER52EF.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5458.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6398.tmp.dmp | Mini DuMP crash report, 14 streams, Sat May 10 06:05:46 2025, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER63E7.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6417.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER65F9.tmp.dmp | Mini DuMP crash report, 14 streams, Sat May 10 06:05:47 2025, 0x1205a4 type | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6639.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped |
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6669.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped |
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped |
16 further files are not shown in this report excerpt.

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\Set-up.exe | "C:\Users\user\Desktop\Set-up.exe" | malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" | malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" | malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" | malicious
C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" | malicious
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 7260 -s 144 |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 7260 -s 92 |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 3888 -s 144 |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 3888 -s 92 |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 1692 -s 140 |
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 1692 -s 92 |
1 further process is not shown in this report excerpt.

URLs

Name | IP | Malicious
http://mcrsftuptade.pro/ujs/f1575b64-8492-4e8b-b102-4d26e8c70371 | 188.114.96.3 | malicious
http://mcrsftuptade.pro/Up/g | 188.114.96.3 | malicious
http://mcrsftuptade.pro/Up | 188.114.96.3 | malicious
http://mcrsftuptade.pro/Up/p | 188.114.96.3 | malicious
http://mcrsftuptade.pro/Up/b | 188.114.96.3 | malicious
http://h1.coldwalk.top/amshm.bin | unknown |
https://duckduckgo.com/ac/?q= | unknown |
http://h1.coldwalk.top/sh.ext.exe.bin | unknown |
http://schemas.xmlsoap.org/soap/envelope/ | unknown |
http://www.netcrunch.tools/wmitool/ | unknown |
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | unknown |
http://crl.rootca1.amazontrust.com/rootca1.crl0 | unknown |
https://ac.ecosia.org?q= | unknown |
http://upx.sf.net | unknown |
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | unknown |
http://ocsp.rootca1.amazontrust.com0: | unknown |
http://www.indyproject.org/ | unknown |
https://www.google.com/images/branding/product/ico/googleg_alldp.ico | unknown |
https://www.ecosia.org/newtab/v20 | unknown |
http://www.adremsoft.com/autoupdate/wmi.tools.json | unknown |
http://x1.c.lencr.org/0 | unknown |
http://x1.i.lencr.org/0 | unknown |
https://duckduckgo.com/chrome_newtabv20 | unknown |
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | unknown |
http://crt.rootca1.amazontrust.com/rootca1.cer0? | unknown |
http://www.mygale.org/~cresto/ | unknown |
http://www.adremsoft.com/autoupdate/wmi.tools.jsonSVWU | unknown |
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | unknown |
https://gemini.google.com/app?q= | unknown |
http://h1.coldwalk.top/shark.bin | unknown |
20 further URLs are not shown in this report excerpt.

IPs

IP | Domain | Country | Malicious
188.114.96.3 | unknown | European Union | malicious

Memdumps
