IOC Report
file.exe

loading gif

Files

File Path
Type
Category
Malicious
file.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_054230ad\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_06fdd724\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_0831a7e6\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_0ba59066\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_10519f99\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_1209c12b\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_121597e8\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_1745ca23\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_17858673\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_e5c8e0fd69b3d1364c1ea6934df3966ffe947bd_440dec59_140eaddc\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\soft[1]
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Bunifu_UI_v1.5.3.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_05057d34\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_0789c3c3\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_0fa97499\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_0fb9b83a\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_14062c50\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_1431a86b\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_17918727\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_17c5cdc5\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_43a044097e5f3ef507ce7a9f19c0e6d280fb_440dec59_17e1912a\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_83ec7e94952b3dcbb61bd30e98682b9f65d64_440dec59_0e4aaad7\Report.wer
Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\soft[1]
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\dll[1]
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\6clvSx8en71SUl1hUuzQ6n56lWM0\Bunifu_UI_v1.5.3.dll
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\Users\user\AppData\Local\Temp\6clvSx8en71SUl1hUuzQ6n56lWM0\Cleaner.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
dropped
malicious
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2CC5.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:42:39 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2FB4.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3052.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8385.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:41:55 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER857A.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8618.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8D78.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:41:58 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8F6D.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER900A.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER94FA.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:42:00 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER96EF.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER978C.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C6C.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:42:02 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9EA0.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F2D.tmp.xml
XML 1.0 document, ASCII text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA536.tmp.dmp
Mini DuMP crash report, 14 streams, Tue Oct 4 00:42:04 2022, 0x1205a4 type
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA72B.tmp.WERInternalMetadata.xml
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA78A.tmp.xml