Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
mkFOY01Gl5.exe
|
PE32 executable (console) Intel 80386, for MS Windows
|
initial sample
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_mkFOY01Gl5.exe_f17527364e8b6e37285ab788bb2a9768f98071_61a3bbc4_8792fd5b-a84f-4d64-8493-38f89d51577a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_c9bfd8d07f254ebe8912d43c52adf5e55266565a_e47d3db6_cc4100ba-9324-4e3f-bbf5-c9151601b391\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3E66.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Jul 1 07:23:34 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3EC4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3F23.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA935.tmp.dmp
|
Mini DuMP crash report, 15 streams, Mon Jul 1 07:24:01 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA50.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAA70.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\mkFOY01Gl5.exe
|
"C:\Users\user\Desktop\mkFOY01Gl5.exe"
|
||
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
||
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
||
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 304
|
||
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 1796
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
ellaboratepwsz.xyzu
|
|||
towerxxuytwi.xyzd
|
|||
foodypannyjsud.shop
|
|||
pedestriankodwu.xyz
|
|||
contintnetksows.shop
|
|||
potterryisiw.shop
|
|||
penetratedpoopp.xyz
|
|||
swellfrrgwwos.xyz
|
|||
https://potterryisiw.shop/apiA48)
|
unknown
|
||
https://potterryisiw.shop/t
|
unknown
|
||
https://potterryisiw.shop/pi
|
unknown
|
||
https://potterryisiw.shop/piR
|
unknown
|
||
https://potterryisiw.shop/api
|
188.114.96.3
|
||
http://upx.sf.net
|
unknown
|
||
https://potterryisiw.shop/(q
|
unknown
|
||
https://potterryisiw.shop/lli
|
unknown
|
||
https://potterryisiw.shop/
|
unknown
|
||
https://potterryisiw.shop/api44
|
unknown
|
There are 8 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
potterryisiw.shop
|
188.114.96.3
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
188.114.96.3
|
potterryisiw.shop
|
European Union
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
ProgramId
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
FileId
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
LowerCaseLongPath
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
LongPathHash
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
Name
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
OriginalFileName
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
Publisher
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
Version
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
BinFileVersion
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
BinaryType
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
ProductName
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
ProductVersion
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
LinkDate
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
BinProductVersion
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
AppxPackageFullName
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
AppxPackageRelativeId
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
Size
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
Language
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\mkfoy01gl5.exe|27fed3079478329b
|
Usn
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
ProgramId
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
FileId
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
LowerCaseLongPath
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
LongPathHash
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Name
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
OriginalFileName
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Publisher
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Version
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
BinFileVersion
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
BinaryType
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
ProductName
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
ProductVersion
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
LinkDate
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
BinProductVersion
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
AppxPackageFullName
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
AppxPackageRelativeId
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Size
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Language
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
IsOsComponent
|
||
\REGISTRY\A\{440cf6dd-a614-6238-5a4b-92bba0106288}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Usn
|
There are 29 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
400000
|
remote allocation
|
page execute and read and write
|
||
750000
|
heap
|
page read and write
|
||
510000
|
heap
|
page read and write
|
||
279D000
|
stack
|
page read and write
|
||
265D000
|
stack
|
page read and write
|
||
1BC000
|
stack
|
page read and write
|
||
2C3E000
|
stack
|
page read and write
|
||
C16000
|
heap
|
page read and write
|
||
289D000
|
stack
|
page read and write
|
||
B98000
|
heap
|
page read and write
|
||
2EBD000
|
trusted library allocation
|
page read and write
|
||
C1F000
|
heap
|
page read and write
|
||
171000
|
unkown
|
page readonly
|
||
B6A000
|
heap
|
page read and write
|
||
98F000
|
stack
|
page read and write
|
||
640000
|
heap
|
page read and write
|
||
C40000
|
heap
|
page read and write
|
||
AE0000
|
heap
|
page read and write
|
||
74F000
|
stack
|
page read and write
|
||
2D3F000
|
stack
|
page read and write
|
||
22D0000
|
heap
|
page read and write
|
||
2F90000
|
heap
|
page read and write
|
||
83B000
|
stack
|
page read and write
|
||
C2E000
|
heap
|
page read and write
|
||
995000
|
heap
|
page read and write
|
||
990000
|
heap
|
page read and write
|
||
63E000
|
stack
|
page read and write
|
||
75A000
|
heap
|
page read and write
|
||
227E000
|
stack
|
page read and write
|
||
30EE000
|
stack
|
page read and write
|
||
BB0000
|
heap
|
page read and write
|
||
217E000
|
stack
|
page read and write
|
||
D9E000
|
stack
|
page read and write
|
||
B86000
|
heap
|
page read and write
|
||
B60000
|
heap
|
page read and write
|
||
5F0000
|
heap
|
page read and write
|
||
75E000
|
heap
|
page read and write
|
||
2F0E000
|
trusted library allocation
|
page read and write
|
||
115000
|
unkown
|
page readonly
|
||
F1000
|
unkown
|
page execute read
|
||
31EF000
|
stack
|
page read and write
|
||
BF5000
|
heap
|
page read and write
|
||
22C0000
|
direct allocation
|
page execute and read and write
|
||
171000
|
unkown
|
page readonly
|
||
ADE000
|
stack
|
page read and write
|
||
23DD000
|
stack
|
page read and write
|
||
C0E000
|
heap
|
page read and write
|
||
D5F000
|
stack
|
page read and write
|
||
275E000
|
stack
|
page read and write
|
||
C10000
|
heap
|
page read and write
|
||
120000
|
unkown
|
page read and write
|
||
4FD000
|
stack
|
page read and write
|
||
2F4A000
|
trusted library allocation
|
page read and write
|
||
C26000
|
heap
|
page read and write
|
||
115000
|
unkown
|
page readonly
|
||
F0000
|
unkown
|
page readonly
|
||
DB0000
|
heap
|
page read and write
|
||
76D000
|
heap
|
page read and write
|
||
3400000
|
heap
|
page read and write
|
||
F0000
|
unkown
|
page readonly
|
||
980000
|
heap
|
page read and write
|
||
120000
|
unkown
|
page write copy
|
||
22BD000
|
stack
|
page read and write
|
||
F1000
|
unkown
|
page execute read
|
||
C32000
|
heap
|
page read and write
|
||
2F50000
|
trusted library allocation
|
page read and write
|
||
454000
|
remote allocation
|
page execute and read and write
|
||
2D7D000
|
stack
|
page read and write
|
||
32BF000
|
trusted library allocation
|
page read and write
|
||
2E90000
|
trusted library allocation
|
page read and write
|
||
2F43000
|
trusted library allocation
|
page read and write
|
||
93A000
|
stack
|
page read and write
|
||
C22000
|
heap
|
page read and write
|
||
2E7E000
|
stack
|
page read and write
|
||
A70000
|
heap
|
page read and write
|
||
BB3000
|
heap
|
page read and write
|
||
2EEE000
|
trusted library allocation
|
page read and write
|
||
88E000
|
stack
|
page read and write
|
||
B3E000
|
stack
|
page read and write
|
||
B8F000
|
heap
|
page read and write
|
||
2E9C000
|
trusted library allocation
|
page read and write
|
There are 71 hidden memdumps, click here to show them.