Files

File Path | Type | Category | Malicious
---|---|---|---
171480967918559ee0f09356f718ff0dfe668220d8cc78479cff337022e437f871dc7d1b0b148.dat-decoded.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | 
C:\Users\user\AppData\Roaming\171480967918559ee0f09356f718ff0dfe668220d8cc78479cff337022e437f871dc7d1b0b148.dat-decoded.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | 
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PQVGDF4CMSZRQWDY_504392513fa052336db2ee5882db6d9fc6cd58_7d3b1f41_f7ad1bbd-242b-418e-92ea-b991678e38b9\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | 
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7939.tmp.dmp | Mini DuMP crash report, 16 streams, Sat May 4 08:18:31 2024, 0x1205a4 type | dropped | 
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7AD1.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | 
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7AF1.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | 
C:\Users\user\AppData\Local\Temp\Log.tmp | ASCII text, with CRLF line terminators | dropped | 
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\171480967918559ee0f09356f718ff0dfe668220d8cc78479cff337022e437f871dc7d1b0b148.dat-decoded.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat May 4 07:16:53 2024, mtime=Sat May 4 07:16:53 2024, atime=Sat May 4 07:16:53 2024, length=35840, window=hide | dropped | 
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | 
Processes

Path | Cmdline | Malicious
---|---|---
C:\Users\user\Desktop\171480967918559ee0f09356f718ff0dfe668220d8cc78479cff337022e437f871dc7d1b0b148.dat-decoded.exe | "C:\Users\user\Desktop\171480967918559ee0f09356f718ff0dfe668220d8cc78479cff337022e437f871dc7d1b0b148.dat-decoded.exe" | 
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 5464 -s 1532 | 
URLs

Name | IP | Malicious
---|---|---
xwormay8450.duckdns.org |  | 
http://upx.sf.net | unknown | 
Domains

Name | IP | Malicious
---|---|---
xwormay8450.duckdns.org | 12.221.146.138 | 
IPs

IP | Domain | Country | Malicious
---|---|---|---
12.221.146.138 | xwormay8450.duckdns.org | United States | 
Registry

Path | Value | Malicious
---|---|---
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | ProgramId | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | FileId | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | LowerCaseLongPath | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | LongPathHash | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | Name | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | OriginalFileName | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | Publisher | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | Version | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | BinFileVersion | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | BinaryType | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | ProductName | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | ProductVersion | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | LinkDate | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | BinProductVersion | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | AppxPackageFullName | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | AppxPackageRelativeId | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | Size | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | Language | 
\REGISTRY\A\{10c18e09-d9dc-2cf9-1983-28b1bee6d662}\Root\InventoryApplicationFile\171480967918559e\|b87864dac0e3c975 | Usn | 

9 further registry entries are not shown in this export.
Memdumps

Base Address | Regiontype | Protect | Malicious
---|---|---|---
702000 | unknown | page readonly | 
1BCF9000 | stack | page read and write | 
7A0000 | heap | page read and write | 
B6F000 | heap | page read and write | 
1B942000 | heap | page read and write | 
7FFB4B200000 | trusted library allocation | page read and write | 
2E77000 | trusted library allocation | page read and write | 
DB5000 | heap | page read and write | 
DA0000 | heap | page read and write | 
7FFB4B29C000 | trusted library allocation | page execute and read and write | 
D30000 | trusted library allocation | page read and write | 
B6A000 | heap | page read and write | 
1B07D000 | stack | page read and write | 
7FFB4B1F0000 | trusted library allocation | page read and write | 
1B929000 | heap | page read and write | 
7FFB4B23C000 | trusted library allocation | page execute and read and write | 
12AF1000 | trusted library allocation | page read and write | 
B80000 | heap | page read and write | 
12B01000 | trusted library allocation | page read and write | 
12AF3000 | trusted library allocation | page read and write | 
2A2E000 | stack | page read and write | 
7FFB4B2A0000 | trusted library allocation | page execute and read and write | 
B55000 | heap | page read and write | 
B4C000 | heap | page read and write | 
B63000 | heap | page read and write | 
1AB20000 | trusted library allocation | page read and write | 
1000000 | heap | page read and write | 
1AE73000 | heap | page read and write | 
7FF4D71A0000 | trusted library allocation | page execute and read and write | 
1080000 | heap | page read and write | 
1063000 | heap | page read and write | 
7FFB4B300000 | trusted library allocation | page execute and read and write | 
1B900000 | heap | page read and write | 
D20000 | trusted library allocation | page read and write | 
DB0000 | heap | page read and write | 
BB7000 | heap | page read and write | 
C02000 | heap | page read and write | 
2E75000 | trusted library allocation | page read and write | 
700000 | unknown | page readonly | 
7FFB4B1FD000 | trusted library allocation | page execute and read and write | 
D60000 | heap | page read and write | 
1B8FD000 | stack | page read and write | 
7FFB4B1ED000 | trusted library allocation | page execute and read and write | 
D33000 | trusted library allocation | page read and write | 
7FFB4B1E3000 | trusted library allocation | page execute and read and write | 
1B7FE000 | stack | page read and write | 
7FFB4B2C6000 | trusted library allocation | page execute and read and write | 
7FFB4B290000 | trusted library allocation | page read and write | 
7FFB4B1E4000 | trusted library allocation | page read and write | 
7FFB4B296000 | trusted library allocation | page read and write | 
700000 | unknown | page readonly | 
B72000 | heap | page read and write | 
1B5FF000 | stack | page read and write | 
B82000 | heap | page read and write | 
BAD000 | heap | page read and write | 
B40000 | heap | page read and write | 
1B6FE000 | stack | page read and write | 
2AE0000 | heap | page execute and read and write | 
790000 | heap | page read and write | 
1BDF8000 | stack | page read and write | 
7FFB4B380000 | trusted library allocation | page read and write | 
70C000 | unknown | page readonly | 
7FFB4B20D000 | trusted library allocation | page execute and read and write | 
7FFB4B1F2000 | trusted library allocation | page read and write | 
B30000 | trusted library allocation | page read and write | 
1085000 | heap | page read and write | 
1030000 | heap | page execute and read and write | 
B6D000 | heap | page read and write | 
7C0000 | heap | page read and write | 
AF1000 | stack | page read and write | 
7E0000 | heap | page read and write | 
1B926000 | heap | page read and write | 
12AF8000 | trusted library allocation | page read and write | 
2AF1000 | trusted library allocation | page read and write | 
1060000 | heap | page read and write | 
1BAFE000 | stack | page read and write | 
1BBF5000 | stack | page read and write | 

67 further memdump entries are not shown in this export.