IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_05057d34\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_0789c3c3\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_0fa97499\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_0fb9b83a\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_14062c50\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_1431a86b\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_17918727\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_17c5cdc5\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_17e1912a\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_83ec7e94952b3dcbb61bd30e98682b9f65d64_440dec59_0e4aaad7\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\soft[1]
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\dll[1]
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\6clvSx8en71SUl1hUuzQ6n56lWM0\Bunifu_UI_v1.5.3.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\6clvSx8en71SUl1hUuzQ6n56lWM0\Cleaner.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\Temp\WER276E.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:30:19 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2A00.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2ACC.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER70B1.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:32 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER72A6.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7334.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER790E.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:35 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B03.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7BA0.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8245.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:37 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER84A8.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8545.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8C48.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:40 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8E7B.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8F09.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER957F.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:43 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9D7F.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA4CC.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:30:52 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA550.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA77D.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA849.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB28D.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:50 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB608.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB6A5.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBE54.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:53 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC1DF.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC26D.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC980.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:29:55 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCC01.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCC9E.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\library[1].htm
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\fuckingdllENCR[1].dll
data
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\ping[1].htm
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\ping[1].htm
ASCII text, with no line terminators
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\library[1].htm
very short file (no magic)
dropped
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\ping[1].htm
very short file (no magic)
dropped
C:\Users\user\Desktop\Cleaner.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Mon Oct 3 23:30:18 2022, mtime=Mon Oct 3 23:30:18 2022, atime=Mon Oct 3 23:30:18 2022, length=3947920, window=hide
dropped
There are 42 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Users\user\Desktop\file.exe
C:\Users\user\Desktop\file.exe
malicious
C:\Users\user\AppData\Local\Temp\6clvSx8en71SUl1hUuzQ6n56lWM0\Cleaner.exe
"C:\Users\user\AppData\Local\Temp\6clvSx8en71SUl1hUuzQ6n56lWM0\Cleaner.exe"
malicious