Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
mkFOY01Gl5.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_mkFOY01Gl5.exe_f17527364e8b6e37285ab788bb2a9768f98071_61a3bbc4_8792fd5b-a84f-4d64-8493-38f89d51577a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_c9bfd8d07f254ebe8912d43c52adf5e55266565a_e47d3db6_cc4100ba-9324-4e3f-bbf5-c9151601b391\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3E66.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Jul 1 07:23:34 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3EC4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3F23.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA935.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Jul 1 07:24:01 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA50.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA70.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\mkFOY01Gl5.exe
|
"C:\Users\user\Desktop\mkFOY01Gl5.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 304
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 1796
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ellaboratepwsz.xyzu
|
|
||
|
towerxxuytwi.xyzd
|
|
||
|
foodypannyjsud.shop
|
|
||
|
pedestriankodwu.xyz
|
|
||
|
contintnetksows.shop
|
|
||
|
potterryisiw.shop
|
|
||
|
penetratedpoopp.xyz
|
|
||
|
swellfrrgwwos.xyz
|
|
||
|
https://potterryisiw.shop/apiA48)
|
unknown
|
||
|
https://potterryisiw.shop/t
|
unknown
|
||
|
https://potterryisiw.shop/pi
|
unknown
|
||
|
https://potterryisiw.shop/piR
|
unknown
|
||
|
https://potterryisiw.shop/api
|
188.114.96.3
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://potterryisiw.shop/(q
|
unknown
|
||
|
https://potterryisiw.shop/lli
|
unknown
|
||
|
https://potterryisiw.shop/
|
unknown
|
||
|
https://potterryisiw.shop/api44
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
potterryisiw.shop
|
188.114.96.3
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
188.114.96.3
|
potterryisiw.shop
|
European Union
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
ProgramId
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
FileId
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
LongPathHash
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
Name
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
OriginalFileName
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
Publisher
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
Version
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
BinFileVersion
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
BinaryType
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
ProductName
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
ProductVersion
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
LinkDate
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
BinProductVersion
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
Size
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
Language
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
Usn
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
ProgramId
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
FileId
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
LongPathHash
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Name
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
OriginalFileName
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Publisher
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Version
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
BinFileVersion
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
BinaryType
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
ProductName
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
ProductVersion
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
LinkDate
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
BinProductVersion
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Size
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Language
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
IsOsComponent
|
||
|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Usn
|
There are 29 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
400000
|
remote allocation
|
page execute and read and write
|
|
|
|
750000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
279D000
|
stack
|
page read and write
|
||
|
265D000
|
stack
|
page read and write
|
||
|
1BC000
|
stack
|
page read and write
|
||
|
2C3E000
|
stack
|
page read and write
|
||
|
C16000
|
heap
|
page read and write
|
||
|
289D000
|
stack
|
page read and write
|
||
|
B98000
|
heap
|
page read and write
|
||
|
2EBD000
|
trusted library allocation
|
page read and write
|
||
|
C1F000
|
heap
|
page read and write
|
||
|
171000
|
unkown
|
page readonly
|
||
|
B6A000
|
heap
|
page read and write
|
||
|
98F000
|
stack
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
C40000
|
heap
|
page read and write
|
||
|
AE0000
|
heap
|
page read and write
|
||
|
74F000
|
stack
|
page read and write
|
||
|
2D3F000
|
stack
|
page read and write
|
||
|
22D0000
|
heap
|
page read and write
|
||
|
2F90000
|
heap
|
page read and write
|
||
|
83B000
|
stack
|
page read and write
|
||
|
C2E000
|
heap
|
page read and write
|
||
|
995000
|
heap
|
page read and write
|
||
|
990000
|
heap
|
page read and write
|
||
|
63E000
|
stack
|
page read and write
|
||
|
75A000
|
heap
|
page read and write
|
||
|
227E000
|
stack
|
page read and write
|
||
|
30EE000
|
stack
|
page read and write
|
||
|
BB0000
|
heap
|
page read and write
|
||
|
217E000
|
stack
|
page read and write
|
||
|
D9E000
|
stack
|
page read and write
|
||
|
B86000
|
heap
|
page read and write
|
||
|
B60000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
2F0E000
|
trusted library allocation
|
page read and write
|
||
|
115000
|
unkown
|
page readonly
|
||
|
F1000
|
unkown
|
page execute read
|
||
|
31EF000
|
stack
|
page read and write
|
||
|
BF5000
|
heap
|
page read and write
|
||
|
22C0000
|
direct allocation
|
page execute and read and write
|
||
|
171000
|
unkown
|
page readonly
|
||
|
ADE000
|
stack
|
page read and write
|
||
|
23DD000
|
stack
|
page read and write
|
||
|
C0E000
|
heap
|
page read and write
|
||
|
D5F000
|
stack
|
page read and write
|
||
|
275E000
|
stack
|
page read and write
|
||
|
C10000
|
heap
|
page read and write
|
||
|
120000
|
unkown
|
page read and write
|
||
|
4FD000
|
stack
|
page read and write
|
||
|
2F4A000
|
trusted library allocation
|
page read and write
|
||
|
C26000
|
heap
|
page read and write
|
||
|
115000
|
unkown
|
page readonly
|
||
|
F0000
|
unkown
|
page readonly
|
||
|
DB0000
|
heap
|
page read and write
|
||
|
76D000
|
heap
|
page read and write
|
||
|
3400000
|
heap
|
page read and write
|
||
|
F0000
|
unkown
|
page readonly
|
||
|
980000
|
heap
|
page read and write
|
||
|
120000
|
unkown
|
page write copy
|
||
|
22BD000
|
stack
|
page read and write
|
||
|
F1000
|
unkown
|
page execute read
|
||
|
C32000
|
heap
|
page read and write
|
||
|
2F50000
|
trusted library allocation
|
page read and write
|
||
|
454000
|
remote allocation
|
page execute and read and write
|
||
|
2D7D000
|
stack
|
page read and write
|
||
|
32BF000
|
trusted library allocation
|
page read and write
|
||
|
2E90000
|
trusted library allocation
|
page read and write
|
||
|
2F43000
|
trusted library allocation
|
page read and write
|
||
|
93A000
|
stack
|
page read and write
|
||
|
C22000
|
heap
|
page read and write
|
||
|
2E7E000
|
stack
|
page read and write
|
||
|
A70000
|
heap
|
page read and write
|
||
|
BB3000
|
heap
|
page read and write
|
||
|
2EEE000
|
trusted library allocation
|
page read and write
|
||
|
88E000
|
stack
|
page read and write
|
||
|
B3E000
|
stack
|
page read and write
|
||
|
B8F000
|
heap
|
page read and write
|
||
|
2E9C000
|
trusted library allocation
|
page read and write
|
There are 71 hidden memdumps, click here to show them.