Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
yjzllYsjlU.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_yjzllYsjlU.exe_1dfe3e94b198917810753298a9aa7445bcd8db4_8cd1c366_29b34a38-39c1-4b0b-8701-b141403d475f\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_yjzllYsjlU.exe_4363f676aae74bac2ea5a449ac7ab892edc3967c_8cd1c366_09477d72-c3db-4fb9-94d5-24870ab915c0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_yjzllYsjlU.exe_4363f676aae74bac2ea5a449ac7ab892edc3967c_8cd1c366_0ed18c80-650a-4e2f-9ac8-a6bb4143fdd0\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_yjzllYsjlU.exe_4363f676aae74bac2ea5a449ac7ab892edc3967c_8cd1c366_2d546be1-8b6d-4947-8971-64529febfbcf\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_yjzllYsjlU.exe_4363f676aae74bac2ea5a449ac7ab892edc3967c_8cd1c366_38f69cbd-7ca2-4799-b432-e6ed18fd5571\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_yjzllYsjlU.exe_4363f676aae74bac2ea5a449ac7ab892edc3967c_8cd1c366_3cf51925-8aa6-4c17-bb4b-fc367a41256b\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_yjzllYsjlU.exe_4363f676aae74bac2ea5a449ac7ab892edc3967c_8cd1c366_9a9818d2-3f10-4581-ad2e-918f8f2edefd\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_yjzllYsjlU.exe_4363f676aae74bac2ea5a449ac7ab892edc3967c_8cd1c366_9bcc5ca9-d1e1-49d3-b39b-4c51660d8ba1\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_yjzllYsjlU.exe_4363f676aae74bac2ea5a449ac7ab892edc3967c_8cd1c366_a94248d9-efeb-479e-a432-9e1c134e14fc\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
modified
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_yjzllYsjlU.exe_4363f676aae74bac2ea5a449ac7ab892edc3967c_8cd1c366_d481bc4e-90c6-4cdb-9ff0-71814e021ac5\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
|
|
|
C:\Users\user\1000026002\0f2a0c16ee.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\random[1].exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\1000023001\532d9160c6.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
modified
|
|
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_skotes.exe_1a335e5a41ca67f8c458c244e983f207da8cbdd_360c380b_3c1a7e6c-414e-4f0b-80ef-5dbce2fa66fd\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_skotes.exe_1a335e5a41ca67f8c458c244e983f207da8cbdd_360c380b_58748952-2293-4572-925d-4136e590bc4d\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_skotes.exe_1a335e5a41ca67f8c458c244e983f207da8cbdd_360c380b_cce11016-84c2-4d24-afb7-19932148b3a7\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_skotes.exe_1a335e5a41ca67f8c458c244e983f207da8cbdd_360c380b_de1dae57-bcbb-45b1-aa27-18a1e1f22305\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_skotes.exe_b230dc6fc163fdde8365dc55937a5169439a2_360c380b_6dcdc8c6-df7e-46a7-9ca7-325d7431e179\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER10FD.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER110.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER111D.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER134E.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 08:32:38 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER13BC.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER140B.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER168A.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 08:32:39 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1765.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1795.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1BBA.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 08:32:40 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1CC4.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1CE5.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1EF6.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 08:32:41 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1FF1.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2011.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER25FB.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 08:32:43 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2734.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2755.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER288B.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Sep 25 08:32:44 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2938.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2968.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER33.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 08:32:33 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER42B.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 08:32:35 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER67D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER69E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6A38.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Sep 25 08:33:00 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6AA6.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER6AD6.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER72B3.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Sep 25 08:33:02 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7351.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7371.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7582.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Sep 25 08:33:03 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER764E.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER766F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7832.tmp.dmp
|
Mini DuMP crash report, 14 streams, Wed Sep 25 08:33:04 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER78CF.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER78FF.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER90D.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 08:32:35 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C9.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9E9.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB8D.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 08:32:36 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC3A.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC6A.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE0.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE7B.tmp.dmp
|
Mini DuMP crash report, 15 streams, Wed Sep 25 08:32:37 2024, 0x1205a4 type
|
dropped
|
||
|
C:\Windows\Tasks\skotes.job
|
data
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 58 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\yjzllYsjlU.exe
|
"C:\Users\user\Desktop\yjzllYsjlU.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
|
"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
|
|
|
|
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
|
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 720
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 788
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 852
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 896
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 920
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 852
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 1044
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 1120
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 1176
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 1400
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 468
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 536
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 732
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 740
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 756
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://185.215.113.43/Zu7JuNko/index.php
|
185.215.113.43
|
|
|
|
http://185.215.113.43/Zu7JuNko/index.php6
|
unknown
|
||
|
http://185.215.113.103/steam/random.exe;
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpxe
|
unknown
|
||
|
http://185.215.113.43/fac00b58981f4a4e1a0ce7e9f0e5ebf5de04349025080d9#
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpx
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpxe9/:x
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpb
|
unknown
|
||
|
http://185.215.113.43/
|
unknown
|
||
|
http://185.215.113.103/mine/random.exe
|
185.215.113.103
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpy1mb3JtLXVybGVuY29kZWQ=
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpncoded
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpn
|
unknown
|
||
|
http://185.215.113.43/Zu7JuNko/index.phpnu
|
unknown
|
||
|
http://185.215.113.103/steam/random.exe
|
185.215.113.103
|
||
|
http://185.215.113.43/Zu7JuNko/index.php38c2817dba29a4b5b25dcf0
|
unknown
|
There are 7 hidden URLs, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
185.215.113.43
|
unknown
|
Portugal
|
|
|
|
185.215.113.103
|
unknown
|
Portugal
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
ProgramId
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
FileId
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
LongPathHash
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
Name
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
OriginalFileName
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
Publisher
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
Version
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
BinFileVersion
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
BinaryType
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
ProductName
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
ProductVersion
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
LinkDate
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
BinProductVersion
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
Size
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
Language
|
||
|
\REGISTRY\A\{25735089-7bd3-d563-63c8-66e57e8618ab}\Root\InventoryApplicationFile\yjzllysjlu.exe|ba3690bcb11126ec
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
ProgramId
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
FileId
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
LongPathHash
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
Name
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
OriginalFileName
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
Publisher
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
Version
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
BinFileVersion
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
BinaryType
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
ProductName
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
ProductVersion
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
LinkDate
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
BinProductVersion
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
Size
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
Language
|
||
|
\REGISTRY\A\{c6fd6be2-6068-4be7-0d46-07b89b204254}\Root\InventoryApplicationFile\skotes.exe|135ed4fa72255310
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
0f2a0c16ee.exe
|
There are 33 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
21F0000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
620000
|
direct allocation
|
page execute and read and write
|
|
|
|
2170000
|
direct allocation
|
page execute and read and write
|
|
|
|
21E0000
|
direct allocation
|
page read and write
|
|
|
|
2180000
|
direct allocation
|
page execute and read and write
|
|
|
|
2160000
|
direct allocation
|
page read and write
|
|
|
|
400000
|
unkown
|
page execute and read and write
|
|
|
|
484000
|
unkown
|
page readonly
|
||
|
4226000
|
heap
|
page read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
3170000
|
heap
|
page read and write
|
||
|
3C7D000
|
stack
|
page read and write
|
||
|
236C000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
484000
|
unkown
|
page readonly
|
||
|
6DA000
|
heap
|
page read and write
|
||
|
2E1E000
|
stack
|
page read and write
|
||
|
44C000
|
unkown
|
page write copy
|
||
|
2CDD000
|
stack
|
page read and write
|
||
|
62E000
|
stack
|
page read and write
|
||
|
198000
|
stack
|
page read and write
|
||
|
3ADE000
|
stack
|
page read and write
|
||
|
3B1D000
|
stack
|
page read and write
|
||
|
58D000
|
heap
|
page read and write
|
||
|
2EAD000
|
stack
|
page read and write
|
||
|
4239000
|
heap
|
page read and write
|
||
|
2228000
|
stack
|
page read and write
|
||
|
6C7000
|
heap
|
page read and write
|
||
|
52C000
|
heap
|
page execute and read and write
|
||
|
462000
|
unkown
|
page execute and read and write
|
||
|
6D0000
|
heap
|
page execute and read and write
|
||
|
51E000
|
heap
|
page read and write
|
||
|
7AF000
|
heap
|
page read and write
|
||
|
600000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
2170000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
469000
|
unkown
|
page execute and read and write
|
||
|
2A5E000
|
stack
|
page read and write
|
||
|
3C30000
|
heap
|
page read and write
|
||
|
5CF000
|
heap
|
page read and write
|
||
|
219C000
|
stack
|
page read and write
|
||
|
295D000
|
stack
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
8CF000
|
stack
|
page read and write
|
||
|
5F5000
|
heap
|
page read and write
|
||
|
484000
|
unkown
|
page readonly
|
||
|
5FF000
|
heap
|
page read and write
|
||
|
389D000
|
stack
|
page read and write
|
||
|
39DD000
|
stack
|
page read and write
|
||
|
484000
|
unkown
|
page readonly
|
||
|
6C0000
|
heap
|
page read and write
|
||
|
44C000
|
unkown
|
page write copy
|
||
|
709000
|
heap
|
page read and write
|
||
|
75E000
|
heap
|
page read and write
|
||
|
726000
|
heap
|
page read and write
|
||
|
4360000
|
heap
|
page read and write
|
||
|
5F2000
|
heap
|
page read and write
|
||
|
580000
|
heap
|
page read and write
|
||
|
5E9000
|
heap
|
page read and write
|
||
|
469000
|
unkown
|
page execute and read and write
|
||
|
670000
|
heap
|
page read and write
|
||
|
72B000
|
heap
|
page read and write
|
||
|
9C000
|
stack
|
page read and write
|
||
|
64E000
|
stack
|
page read and write
|
||
|
5F5000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
4228000
|
heap
|
page read and write
|
||
|
5ACC000
|
stack
|
page read and write
|
||
|
41C0000
|
heap
|
page read and write
|
||
|
462000
|
unkown
|
page execute and read and write
|
||
|
2164000
|
heap
|
page read and write
|
||
|
51A000
|
heap
|
page read and write
|
||
|
399E000
|
stack
|
page read and write
|
||
|
6ED000
|
heap
|
page execute and read and write
|
||
|
59CC000
|
stack
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
676000
|
heap
|
page read and write
|
||
|
23D0000
|
heap
|
page read and write
|
||
|
44C000
|
unkown
|
page write copy
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
232B000
|
stack
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
79E000
|
heap
|
page read and write
|
||
|
8C0000
|
heap
|
page read and write
|
||
|
2B9E000
|
stack
|
page read and write
|
||
|
9CF000
|
stack
|
page read and write
|
||
|
372C000
|
stack
|
page read and write
|
||
|
695000
|
heap
|
page read and write
|
||
|
9B000
|
stack
|
page read and write
|
||
|
1F0000
|
heap
|
page read and write
|
||
|
510000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
401000
|
unkown
|
page execute read
|
||
|
6DE000
|
heap
|
page read and write
|
||
|
2BDD000
|
stack
|
page read and write
|
||
|
771000
|
heap
|
page read and write
|
||
|
3C1E000
|
stack
|
page read and write
|
||
|
462000
|
unkown
|
page execute and read and write
|
||
|
4EE000
|
stack
|
page read and write
|
||
|
436E000
|
heap
|
page read and write
|
||
|
27CE000
|
stack
|
page read and write
|
||
|
2380000
|
heap
|
page read and write
|
||
|
2D1D000
|
stack
|
page read and write
|
||
|
2240000
|
heap
|
page read and write
|
||
|
4226000
|
heap
|
page read and write
|
||
|
583C000
|
stack
|
page read and write
|
||
|
484000
|
unkown
|
page readonly
|
||
|
6D0000
|
heap
|
page read and write
|
||
|
234B000
|
stack
|
page read and write
|
||
|
22A0000
|
heap
|
page read and write
|
||
|
22D0000
|
heap
|
page read and write
|
||
|
5F6000
|
heap
|
page read and write
|
||
|
400000
|
unkown
|
page readonly
|
||
|
96E000
|
stack
|
page read and write
|
||
|
573C000
|
stack
|
page read and write
|
||
|
690000
|
heap
|
page read and write
|
||
|
2160000
|
heap
|
page read and write
|
||
|
5D3000
|
heap
|
page read and write
|
||
|
3855000
|
heap
|
page read and write
|
||
|
4211000
|
heap
|
page read and write
|
||
|
4370000
|
heap
|
page read and write
|
||
|
86F000
|
stack
|
page read and write
|
||
|
2A9D000
|
stack
|
page read and write
|
||
|
8BE000
|
stack
|
page read and write
|
||
|
23A0000
|
heap
|
page read and write
|
||
|
743000
|
heap
|
page read and write
|
||
|
605000
|
heap
|
page read and write
|
||
|
382E000
|
stack
|
page read and write
|
||
|
565000
|
heap
|
page read and write
|
||
|
4211000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
4EE000
|
stack
|
page read and write
|
||
|
5AD000
|
stack
|
page read and write
|
||
|
3D7E000
|
stack
|
page read and write
|
||
|
469000
|
unkown
|
page execute and read and write
|
||
|
4A0000
|
heap
|
page read and write
|
||
|
5EA000
|
heap
|
page read and write
|
||
|
2FAE000
|
stack
|
page read and write
|
||
|
401000
|
unkown
|
page execute read
|
||
|
4211000
|
heap
|
page read and write
|
||
|
3850000
|
heap
|
page read and write
|
||
|
4256000
|
heap
|
page read and write
|
||
|
484000
|
unkown
|
page readonly
|
||
|
9C000
|
stack
|
page read and write
|
||
|
2110000
|
heap
|
page read and write
|
There are 140 hidden memdumps, click here to show them.