IOC Report
OatAFVzm15.bin


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| OatAFVzm15.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_OatAFVzm15.exe_a26318744316683b0d1fe53934c2b47109f797_532d33bc_08651c8c\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | malicious |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER1103.tmp.dmp | Mini DuMP crash report, 14 streams, Sat Aug 27 10:54:27 2022, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER13C3.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER154A.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\OatAFVzm15.exe | "C:\Users\user\Desktop\OatAFVzm15.exe" | malicious |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 224 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://www.google.com/webhp | unknown | |
| http://www.google.com/webhpbcU | unknown | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags | AmiHivePermissionsCorrect | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags | AmiHiveOwnerCorrect | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | ProgramId | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | FileId | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | LowerCaseLongPath | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | LongPathHash | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | Name | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | Publisher | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | Version | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | BinFileVersion | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | BinaryType | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | ProductName | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | ProductVersion | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | LinkDate | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | BinProductVersion | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | Size | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | Language | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | IsPeFile | |
| \REGISTRY\A\{87c51688-9fe7-32c4-9e1a-3201cc3589c5}\Root\InventoryApplicationFile\oatafvzm15.exe\|77839bf3 | IsOsComponent | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug | ExceptionRecord | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceTicket | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceId | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | ApplicationFlags | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property | 0018800453F4626F | |

Memdumps

| Base Address | Region type | Protect | Malicious |
|---|---|---|---|
| 401000 | unknown | page execute read | malicious |