Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
p3aYwXKO5T.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_p3aYwXKO5T.exe_739d586cc05ff593cef168b7ca7bd46426c9c3_92367cbf_474a8dae-3ccd-43ed-ac57-4df3917c0b2b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_p3aYwXKO5T.exe_f8ef4cd7629ba1b8065383a211c32b655eb30e9_92367cbf_0ee9c536-c995-43ff-92ed-ceaea6261b42\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_p3aYwXKO5T.exe_f8ef4cd7629ba1b8065383a211c32b655eb30e9_92367cbf_25c7a264-285f-476a-bf9c-5bd695861cda\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_p3aYwXKO5T.exe_f8ef4cd7629ba1b8065383a211c32b655eb30e9_92367cbf_26959f14-b1e3-4dfc-977a-d6b37ebf56ed\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_p3aYwXKO5T.exe_f8ef4cd7629ba1b8065383a211c32b655eb30e9_92367cbf_3bf719fb-40db-4ba8-9620-738d2049b21e\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_p3aYwXKO5T.exe_f8ef4cd7629ba1b8065383a211c32b655eb30e9_92367cbf_6a3dd91d-87cf-4339-a240-a0ce1f09b8dc\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_p3aYwXKO5T.exe_f8ef4cd7629ba1b8065383a211c32b655eb30e9_92367cbf_75365df1-5378-4519-9779-2764413d9978\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_p3aYwXKO5T.exe_f8ef4cd7629ba1b8065383a211c32b655eb30e9_92367cbf_790c495c-a558-4326-8bf7-54f23c25712a\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_p3aYwXKO5T.exe_f8ef4cd7629ba1b8065383a211c32b655eb30e9_92367cbf_a893414a-5aa6-4a61-8118-d344bc6c0651\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_p3aYwXKO5T.exe_f8ef4cd7629ba1b8065383a211c32b655eb30e9_92367cbf_ecc606bd-04cb-4ad5-9c3e-d14d1d254d43\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_skotes.exe_53d0242d6f2929c1eab1bd80215eefe2448897_360c380b_156860db-0bc0-4e41-b7c6-903726266438\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_skotes.exe_53d0242d6f2929c1eab1bd80215eefe2448897_360c380b_99c65e1a-ffe2-4de3-871c-0a5eee8df84f\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_skotes.exe_53d0242d6f2929c1eab1bd80215eefe2448897_360c380b_ad27e63f-16e9-412d-ae61-dc44aa9e2cee\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_skotes.exe_53d0242d6f2929c1eab1bd80215eefe2448897_360c380b_fdd1cbc7-4de7-4dd1-a680-853a1c90eb95\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_skotes.exe_aa21a44855daeec5317d1c87b7d7da242ddf3b1_360c380b_5664fff1-f605-4429-a159-fc69966ad3d3\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER174B.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 05:58:22 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1826.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1856.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1AE5.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 05:58:22 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1B53.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1B83.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1DA4.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 05:58:23 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E8F.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1EAF.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2295.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 05:58:24 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2342.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2362.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2564.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 05:58:25 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER25F2.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2612.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER290E.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 05:58:27 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2BFD.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C1D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E5D.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 05:58:27 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F29.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F49.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER310C.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 05:58:28 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER31AA.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER31DA.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER36AA.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 05:58:30 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3757.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER37B6.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3B4D.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 05:58:31 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3CC5.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3D34.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5379.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Sep 25 05:58:37 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5407.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5456.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBCC2.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Sep 25 05:59:04 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD02.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBD22.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC4F0.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Sep 25 05:59:06 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC56E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC58E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC761.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Sep 25 05:59:07 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC7C0.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC7FF.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC9C2.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Sep 25 05:59:07 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCA21.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB1C.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Tasks\skotes.job
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 55 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\p3aYwXKO5T.exe
|
"C:\Users\user\Desktop\p3aYwXKO5T.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
|
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
|
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 724
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 772
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 804
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 856
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 784
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 432 -ip 432
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 904
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 1012
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 1044
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 1140
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 1476
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 476
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 524
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 536
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 720
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 720
|
There are 10 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.215.113.43/Zu7JuNko/index.php
|
185.215.113.43
|
|
|
|
http://185.215.113.43/Zu7JuNko/index.php)X
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phps
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpT
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpz
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.php(Y
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.php38c2817dba29a4b5b25dcf02d1
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.php8X
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpC
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpi
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpncoded
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.php(
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phph
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpL
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpmX
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.php0
|
unknown
|
There are 7 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.215.113.43
|
unknown
|
Portugal
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
ProgramId
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
FileId
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
LongPathHash
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
Name
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
OriginalFileName
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
Publisher
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
Version
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
BinFileVersion
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
BinaryType
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
ProductName
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
ProductVersion
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
LinkDate
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
BinProductVersion
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
Size
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
Language
|
||
|
\REGISTRY\A\{be25f885-b152-43e1-cbeb-b83f042e9e6f}\Root\InventoryApplicationFile\p3aywxko5t.exe|4799254c895de46a
|
Usn
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
ProgramId
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
FileId
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
LongPathHash
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
Name
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
OriginalFileName
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
Publisher
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
Version
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
BinFileVersion
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
BinaryType
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
ProductName
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
ProductVersion
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
LinkDate
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
BinProductVersion
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
Size
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
Language
|
||
|
\REGISTRY\A\{9fa5a8aa-95d0-604e-ccd2-8ebe6f67dcea}\Root\InventoryApplicationFile\skotes.exe|1e1d80d020b44249
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018C00B8F8B0D2B
|
There are 32 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2190000
|
direct allocation
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
2390000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
2220000
|
direct allocation
|
page read and write
|
|
|
|
22F0000
|
direct allocation
|
page read and write
|
|
|
|
2320000
|
direct allocation
|
page execute and read and write
|
|
|
|
20A0000
|
direct allocation
|
page execute and read and write
|
|
|
|
7DD000
|
heap
|
page read and write
|
||
|
5AC000
|
heap
|
page execute and read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
2EEE000
|
stack
|
page read and write
|
||
|
3FAC000
|
stack
|
page read and write
|
||
|
7A0000
|
heap
|
page execute and read and write
|
||
|
780000
|
heap
|
page read and write
|
||
|
2B2D000
|
stack
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
2456000
|
heap
|
page read and write
|
||
|
8BF000
|
stack
|
page read and write
|
||
|
4130000
|
heap
|
page read and write
|
||
|
23E8000
|
stack
|
page read and write
|
||
|
5FF0000
|
trusted library allocation
|
page read and write
|
||
|
2774000
|
heap
|
page read and write
|
||
|
4421000
|
heap
|
page read and write
|
||
|
444000
|
unkown
|
page readonly
|
||
|
590000
|
heap
|
page read and write
|
||
|
239B000
|
stack
|
page read and write
|
||
|
447000
|
unkown
|
page write copy
|
||
|
79F000
|
heap
|
page execute and read and write
|
||
|
469000
|
unkown
|
page execute and read and write
|
||
|
462000
|
unkown
|
page execute and read and write
|
||
|
86D000
|
heap
|
page read and write
|
||
|
412C000
|
stack
|
page read and write
|
||
|
7BE000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
442A000
|
heap
|
page read and write
|
||
|
23B0000
|
heap
|
page read and write
|
||
|
542000
|
unkown
|
page readonly
|
||
|
447000
|
unkown
|
page write copy
|
||
|
542000
|
unkown
|
page readonly
|
||
|
59A000
|
heap
|
page read and write
|
||
|
A7F000
|
stack
|
page read and write
|
||
|
462000
|
unkown
|
page execute and read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
2290000
|
heap
|
page read and write
|
||
|
3AD5000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
85B000
|
heap
|
page read and write
|
||
|
255B000
|
stack
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
3A9D000
|
stack
|
page read and write
|
||
|
462000
|
unkown
|
page execute and read and write
|
||
|
3AD0000
|
heap
|
page read and write
|
||
|
570000
|
heap
|
page read and write
|
||
|
7D8000
|
heap
|
page read and write
|
||
|
227F000
|
stack
|
page read and write
|
||
|
3D5D000
|
stack
|
page read and write
|
||
|
3BDE000
|
stack
|
page read and write
|
||
|
3AB0000
|
heap
|
page read and write
|
||
|
542000
|
unkown
|
page readonly
|
||
|
5E5000
|
heap
|
page read and write
|
||
|
4436000
|
heap
|
page read and write
|
||
|
19A000
|
stack
|
page read and write
|
||
|
811000
|
heap
|
page read and write
|
||
|
4421000
|
heap
|
page read and write
|
||
|
542000
|
unkown
|
page readonly
|
||
|
650000
|
heap
|
page read and write
|
||
|
5A4E000
|
stack
|
page read and write
|
||
|
69E000
|
stack
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
443F000
|
heap
|
page read and write
|
||
|
7D9000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6A0000
|
heap
|
page read and write
|
||
|
843000
|
heap
|
page read and write
|
||
|
447000
|
unkown
|
page write copy
|
||
|
2450000
|
heap
|
page read and write
|
||
|
267E000
|
stack
|
page read and write
|
||
|
209E000
|
stack
|
page read and write
|
||
|
457E000
|
heap
|
page read and write
|
||
|
861000
|
heap
|
page read and write
|
||
|
243C000
|
stack
|
page read and write
|
||
|
2ABE000
|
stack
|
page read and write
|
||
|
3EAC000
|
stack
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
542000
|
unkown
|
page readonly
|
||
|
2220000
|
heap
|
page read and write
|
||
|
3D1E000
|
stack
|
page read and write
|
||
|
790000
|
heap
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
6DE000
|
stack
|
page read and write
|
||
|
393C000
|
stack
|
page read and write
|
||
|
22E0000
|
heap
|
page read and write
|
||
|
5EB000
|
heap
|
page read and write
|
||
|
297E000
|
stack
|
page read and write
|
||
|
2210000
|
heap
|
page read and write
|
||
|
19D000
|
stack
|
page read and write
|
||
|
29BD000
|
stack
|
page read and write
|
||
|
4570000
|
heap
|
page read and write
|
||
|
4580000
|
heap
|
page read and write
|
||
|
59E000
|
heap
|
page read and write
|
||
|
2390000
|
heap
|
page read and write
|
||
|
283E000
|
stack
|
page read and write
|
||
|
469000
|
unkown
|
page execute and read and write
|
||
|
2C7D000
|
stack
|
page read and write
|
||
|
2770000
|
heap
|
page read and write
|
||
|
402C000
|
stack
|
page read and write
|
||
|
2D7D000
|
stack
|
page read and write
|
||
|
3AC0000
|
heap
|
page read and write
|
||
|
227C000
|
stack
|
page read and write
|
||
|
645000
|
heap
|
page read and write
|
||
|
7FF000
|
heap
|
page read and write
|
||
|
4436000
|
heap
|
page read and write
|
||
|
640000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
2C2E000
|
stack
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
469000
|
unkown
|
page execute and read and write
|
||
|
287D000
|
stack
|
page read and write
|
||
|
97F000
|
stack
|
page read and write
|
||
|
3A3E000
|
stack
|
page read and write
|
||
|
23C0000
|
heap
|
page read and write
|
||
|
4476000
|
heap
|
page read and write
|
||
|
4420000
|
heap
|
page read and write
|
||
|
78A000
|
heap
|
page read and write
|
||
|
67F0000
|
heap
|
page read and write
|
||
|
3E5E000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
4132000
|
heap
|
page read and write
|
||
|
B7F000
|
stack
|
page read and write
|
||
|
2DED000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
19D000
|
stack
|
page read and write
|
||
|
444000
|
unkown
|
page readonly
|
||
|
78E000
|
heap
|
page read and write
|
||
|
273D000
|
stack
|
page read and write
|
||
|
797000
|
heap
|
page read and write
|
||
|
542000
|
unkown
|
page readonly
|
||
|
594D000
|
stack
|
page read and write
|
||
|
2170000
|
heap
|
page read and write
|
||
|
71E000
|
stack
|
page read and write
|
||
|
830000
|
heap
|
page read and write
|
||
|
2440000
|
heap
|
page read and write
|
||
|
3C1D000
|
stack
|
page read and write
|
||
|
870000
|
heap
|
page read and write
|
||
|
2570000
|
heap
|
page read and write
|
||
|
444000
|
unkown
|
page readonly
|
||
|
7F2000
|
heap
|
page read and write
|
There are 140 hidden memdumps, click here to show them.