Files
File Path
|
Type
|
Category
|
Malicious
|
|
---|---|---|---|---|
9Y6R8fs0wd.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_9Y6R8fs0wd.exe_bb31e39e2724a028c6dac54eb34b2828abaea3_69101081_7aea6241-064f-4331-847a-db85fcf4c379\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE5F0.tmp.dmp
|
Mini DuMP crash report, 14 streams, Mon Oct 7 22:16:52 2024, 0x1205a4 type
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE68D.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE6BD.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
C:\Users\user\Desktop\9Y6R8fs0wd.exe
|
"C:\Users\user\Desktop\9Y6R8fs0wd.exe"
|
||
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
|
||
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 268
|
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
studennotediw.stor
|
|||
spirittunek.stor
|
|||
trustterwowqm.shop
|
|||
eaglepawnoy.stor
|
|||
clearancek.site
|
|||
mobbipenju.stor
|
|||
https://steamcommunity.com/profiles/76561199724331900
|
104.102.49.254
|
||
licendfilteo.site
|
|||
https://steamcommunity.com/profiles/76561199724331900/inventory/
|
unknown
|
||
bathdoomgaz.stor
|
|||
dissapoiznw.stor
|
|||
https://sergei-esenin.com/api
|
172.67.206.204
|
||
https://steamcommunity.com/profiles/76561199724331900/badges
|
unknown
|
||
https://player.vimeo.com
|
unknown
|
||
https://sergei-esenin.com/apil
|
unknown
|
||
https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
|
unknown
|
||
https://sergei-esenin.com/
|
unknown
|
||
https://store.steampowered.com/;Persistent-Aut
|
unknown
|
||
http://store.steampowered.com/subscriber_agreement/
|
unknown
|
||
https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
|
unknown
|
||
https://recaptcha.net/recaptcha/;
|
unknown
|
||
https://sergei-esenin.com/teambr
|
unknown
|
||
https://www.youtube.com
|
unknown
|
||
https://www.google.com
|
unknown
|
||
https://medal.tv
|
unknown
|
||
https://spirittunek.st
|
unknown
|
||
https://broadcast.st.dl.eccdnx.com
|
unknown
|
||
https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
|
unknown
|
||
https://s.ytimg.com;
|
unknown
|
||
https://login.steampowered.com/
|
unknown
|
||
https://store.steampowered.com/legal/
|
unknown
|
||
https://licendfilteo.site/api
|
unknown
|
||
http://store.steampowered.com/privacy_agreement/
|
unknown
|
||
https://recaptcha.net
|
unknown
|
||
http://upx.sf.net
|
unknown
|
||
https://store.steampowered.com/
|
unknown
|
||
https://clearancek.site/api
|
unknown
|
||
https://lv.queniujq.cn
|
unknown
|
||
https://www.youtube.com/
|
unknown
|
||
http://127.0.0.1:27060
|
unknown
|
||
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
|
unknown
|
||
https://community.akamai.steamstatic.comT
|
unknown
|
||
https://www.google.com/recaptcha/
|
unknown
|
||
https://help.steampowered.com/
|
unknown
|
||
https://api.steampowered.com/
|
unknown
|
||
http://store.steampowered.com/account/cookiepreferences/
|
unknown
|
||
https://steamcommunity.com/
|
unknown
|
||
https://steamcommunity.com/)C
|
unknown
|
||
https://store.steampowered.com/;
|
unknown
|
There are 39 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
steamcommunity.com
|
104.102.49.254
|
||
sergei-esenin.com
|
172.67.206.204
|
||
trustterwowqm.shop
|
unknown
|
||
licendfilteo.site
|
unknown
|
||
clearancek.site
|
unknown
|
||
s-part-0017.t-0009.t-msedge.net
|
13.107.246.45
|
||
fp2e7a.wpc.phicdn.net
|
192.229.221.95
|
||
eaglepawnoy.store
|
unknown
|
||
bathdoomgaz.store
|
unknown
|
||
spirittunek.store
|
unknown
|
||
studennotediw.store
|
unknown
|
||
mobbipenju.store
|
unknown
|
||
dissapoiznw.store
|
unknown
|
There are 3 hidden domains, click here to show them.
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
104.102.49.254
|
steamcommunity.com
|
United States
|
||
172.67.206.204
|
sergei-esenin.com
|
United States
|
Registry
Path
|
Value
|
Malicious
|
|
---|---|---|---|
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
ProgramId
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
FileId
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
LowerCaseLongPath
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
LongPathHash
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
Name
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
OriginalFileName
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
Publisher
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
Version
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
BinFileVersion
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
BinaryType
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
ProductName
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
ProductVersion
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
LinkDate
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
BinProductVersion
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
AppxPackageFullName
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
AppxPackageRelativeId
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
Size
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
Language
|
||
\REGISTRY\A\{f82ff069-7931-4d7c-3ecb-64ccc90febc6}\Root\InventoryApplicationFile\9y6r8fs0wd.exe|bb8ae27309805156
|
Usn
|
There are 9 hidden registries, click here to show them.
Memdumps
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
---|---|---|---|---|
400000
|
remote allocation
|
page execute and read and write
|
||
129C000
|
heap
|
page read and write
|
||
72D000
|
unkown
|
page write copy
|
||
35ED000
|
stack
|
page read and write
|
||
12A3000
|
heap
|
page read and write
|
||
1380000
|
heap
|
page read and write
|
||
157F000
|
stack
|
page read and write
|
||
1280000
|
heap
|
page read and write
|
||
13A5000
|
heap
|
page read and write
|
||
159F000
|
stack
|
page read and write
|
||
701000
|
unkown
|
page execute read
|
||
12CF000
|
heap
|
page read and write
|
||
13A0000
|
heap
|
page read and write
|
||
1250000
|
heap
|
page read and write
|
||
383F000
|
stack
|
page read and write
|
||
34AD000
|
stack
|
page read and write
|
||
1288000
|
heap
|
page read and write
|
||
13AE000
|
heap
|
page read and write
|
||
35AE000
|
stack
|
page read and write
|
||
788000
|
unkown
|
page readonly
|
||
12AE000
|
heap
|
page read and write
|
||
12C2000
|
heap
|
page read and write
|
||
136F000
|
stack
|
page read and write
|
||
36ED000
|
stack
|
page read and write
|
||
12DB000
|
heap
|
page read and write
|
||
788000
|
unkown
|
page readonly
|
||
DFE000
|
stack
|
page read and write
|
||
D60000
|
heap
|
page read and write
|
||
700000
|
unkown
|
page readonly
|
||
2E9D000
|
stack
|
page read and write
|
||
E9C000
|
stack
|
page read and write
|
||
16BE000
|
stack
|
page read and write
|
||
786000
|
unkown
|
page read and write
|
||
1260000
|
heap
|
page read and write
|
||
701000
|
unkown
|
page execute read
|
||
2EDD000
|
stack
|
page read and write
|
||
D70000
|
heap
|
page read and write
|
||
133F000
|
heap
|
page read and write
|
||
12A9000
|
heap
|
page read and write
|
||
373E000
|
stack
|
page read and write
|
||
124E000
|
stack
|
page read and write
|
||
785000
|
unkown
|
page execute and read and write
|
||
45F000
|
remote allocation
|
page execute and read and write
|
||
700000
|
unkown
|
page readonly
|
||
F9C000
|
stack
|
page read and write
|
||
D0D000
|
stack
|
page read and write
|
||
302D000
|
stack
|
page read and write
|
||
DBE000
|
stack
|
page read and write
|
||
12E5000
|
heap
|
page read and write
|
||
13AA000
|
heap
|
page read and write
|
||
2F20000
|
heap
|
page read and write
|
||
723000
|
unkown
|
page readonly
|
||
1200000
|
heap
|
page read and write
|
||
13A0000
|
heap
|
page read and write
|
||
10FD000
|
stack
|
page read and write
|
||
13B8000
|
heap
|
page read and write
|
||
312D000
|
stack
|
page read and write
|
||
723000
|
unkown
|
page readonly
|
||
72D000
|
unkown
|
page read and write
|
||
15BE000
|
stack
|
page read and write
|
There are 50 hidden memdumps, click here to show them.