IOC Report
vy3mvlAaCZ.exe

Files

File Path: vy3mvlAaCZ.exe
  Type: PE32 executable (GUI) Intel 80386, for MS Windows
  Category: initial sample
  Malicious: yes

File Path: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vy3mvlAaCZ.exe_6074d93d852c1785169ec71e797e6a243c122_d0e789f3_1326a322\Report.wer
  Type: Little-endian UTF-16 Unicode text, with CRLF line terminators
  Category: dropped
  Malicious: yes

File Path: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_vy3mvlAaCZ.exe_6074d93d852c1785169ec71e797e6a243c122_d0e789f3_15f13808\Report.wer
  Type: Little-endian UTF-16 Unicode text, with CRLF line terminators
  Category: dropped
  Malicious: yes

File Path: C:\ProgramData\Microsoft\Windows\WER\Temp\WER97F6.tmp.dmp
  Type: Mini DuMP crash report, 14 streams, Thu Sep 1 06:59:26 2022, 0x1205a4 type
  Category: dropped

File Path: C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A1A.tmp.WERInternalMetadata.xml
  Type: XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  Category: dropped

File Path: C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B44.tmp.xml
  Type: XML 1.0 document, ASCII text, with CRLF line terminators
  Category: dropped

File Path: C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C8E.tmp.dmp
  Type: Mini DuMP crash report, 14 streams, Thu Sep 1 06:51:57 2022, 0x1205a4 type
  Category: dropped

File Path: C:\ProgramData\Microsoft\Windows\WER\Temp\WER2EB2.tmp.WERInternalMetadata.xml
  Type: XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
  Category: dropped

File Path: C:\ProgramData\Microsoft\Windows\WER\Temp\WER300B.tmp.xml
  Type: XML 1.0 document, ASCII text, with CRLF line terminators
  Category: dropped

Processes

Path: C:\Users\user\Desktop\vy3mvlAaCZ.exe
  Cmdline: "C:\Users\user\Desktop\vy3mvlAaCZ.exe"
  Malicious: yes

Path: C:\Windows\SysWOW64\WerFault.exe
  Cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 244

Path: C:\Windows\SysWOW64\WerFault.exe
  Cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 244

Registry

Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
  Values: AmiHivePermissionsCorrect, AmiHiveOwnerCorrect

Path: \REGISTRY\A\{d00e812a-86e8-84c0-8225-ffbd1764ff1a}\Root\InventoryApplicationFile\vy3mvlaacz.exe|9c7091c0
  Values: ProgramId, FileId, LowerCaseLongPath, LongPathHash, Name, Publisher, Version, BinFileVersion, BinaryType, ProductName, ProductVersion, LinkDate, BinProductVersion, Size, Language, IsPeFile, IsOsComponent

Path: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug
  Values: ExceptionRecord

Path: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
  Values: DeviceTicket, DeviceId, ApplicationFlags

Path: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property
  Values: 001840064172BCE4

Path: \REGISTRY\A\{be1f411e-38ba-7b6c-52b8-c8471f6bb0a1}\Root\InventoryApplicationFile\vy3mvlaacz.exe|9c7091c0
  Values: ProgramId, FileId, LowerCaseLongPath, LongPathHash, Name, Publisher, Version, BinFileVersion, BinaryType, ProductName, ProductVersion, LinkDate, BinProductVersion, Size, Language, IsPeFile, IsOsComponent

Memdumps
