Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
hesaphareketi-01.pdf.SCR.exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_753d7a9c15ccceb1d7e13a593b195ae629227ad_fcf0f5bb_bed3a14f-1e03-41fc-a65d-1a376281afbf\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1009.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE22.tmp.dmp
|
Mini DuMP crash report, 14 streams, Thu Apr 18 19:20:42 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERFD9.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\hesaphareketi-01.pdf.SCR.exe.log
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\hesaphareketi-01.pdf.SCR.exe
|
"C:\Users\user\Desktop\hesaphareketi-01.pdf.SCR.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
|
|
|
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 1620
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
204.44.127.158
|
|
||
|
http://upx.sf.net
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
https://github.com/sam210723/goesrecv-monitor/releases/latest
|
unknown
|
||
|
https://vksdr.com/goesrecv-monitor
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
204.44.127.158
|
unknown
|
United States
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
ProgramId
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
FileId
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
LongPathHash
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Name
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
OriginalFileName
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Publisher
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Version
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
BinFileVersion
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
BinaryType
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
ProductName
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
ProductVersion
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
LinkDate
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
BinProductVersion
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Size
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Language
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
IsOsComponent
|
||
|
\REGISTRY\A\{d52d970d-d5af-6764-ee20-c17eff328e19}\Root\InventoryApplicationFile\regasm.exe|930881d2b722b2fe
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
There are 14 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2711000
|
trusted library allocation
|
page read and write
|
|
|
|
3171000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
1230000
|
heap
|
page read and write
|
||
|
C2E000
|
heap
|
page read and write
|
||
|
69EE000
|
stack
|
page read and write
|
||
|
1410000
|
trusted library allocation
|
page read and write
|
||
|
6805000
|
trusted library allocation
|
page read and write
|
||
|
31B4000
|
trusted library allocation
|
page read and write
|
||
|
773E000
|
stack
|
page read and write
|
||
|
A73000
|
trusted library allocation
|
page read and write
|
||
|
35B7000
|
trusted library allocation
|
page read and write
|
||
|
2F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E73000
|
heap
|
page read and write
|
||
|
6AEE000
|
heap
|
page read and write
|
||
|
148F000
|
heap
|
page read and write
|
||
|
3233000
|
trusted library allocation
|
page read and write
|
||
|
5E60000
|
heap
|
page read and write
|
||
|
3160000
|
heap
|
page execute and read and write
|
||
|
4CE5000
|
trusted library allocation
|
page read and write
|
||
|
6830000
|
trusted library allocation
|
page read and write
|
||
|
67CB000
|
trusted library allocation
|
page read and write
|
||
|
4D10000
|
trusted library allocation
|
page read and write
|
||
|
4C90000
|
trusted library allocation
|
page read and write
|
||
|
3719000
|
trusted library allocation
|
page read and write
|
||
|
526D000
|
stack
|
page read and write
|
||
|
1457000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D60000
|
trusted library allocation
|
page execute and read and write
|
||
|
A86000
|
trusted library allocation
|
page execute and read and write
|
||
|
564C000
|
stack
|
page read and write
|
||
|
4CF0000
|
trusted library allocation
|
page read and write
|
||
|
138E000
|
stack
|
page read and write
|
||
|
F07000
|
heap
|
page read and write
|
||
|
D1E000
|
heap
|
page read and write
|
||
|
67C0000
|
trusted library allocation
|
page read and write
|
||
|
59F0000
|
heap
|
page read and write
|
||
|
A6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4D40000
|
heap
|
page read and write
|
||
|
307E000
|
stack
|
page read and write
|
||
|
5600000
|
heap
|
page read and write
|
||
|
4CDF000
|
trusted library allocation
|
page read and write
|
||
|
2E7C000
|
unkown
|
page read and write
|
||
|
146B000
|
heap
|
page read and write
|
||
|
A8A000
|
trusted library allocation
|
page execute and read and write
|
||
|
2600000
|
heap
|
page read and write
|
||
|
1413000
|
trusted library allocation
|
page execute and read and write
|
||
|
56A0000
|
heap
|
page execute and read and write
|
||
|
7B10000
|
trusted library allocation
|
page read and write
|
||
|
75F0000
|
trusted library allocation
|
page read and write
|
||
|
14DE000
|
heap
|
page read and write
|
||
|
A70000
|
trusted library allocation
|
page read and write
|
||
|
74E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
149A000
|
heap
|
page read and write
|
||
|
5B8E000
|
stack
|
page read and write
|
||
|
1310000
|
heap
|
page read and write
|
||
|
67CD000
|
trusted library allocation
|
page read and write
|
||
|
4CD0000
|
trusted library allocation
|
page read and write
|
||
|
4CC2000
|
trusted library allocation
|
page read and write
|
||
|
4ED0000
|
trusted library section
|
page readonly
|
||
|
353F000
|
trusted library allocation
|
page read and write
|
||
|
626E000
|
stack
|
page read and write
|
||
|
5A8E000
|
stack
|
page read and write
|
||
|
67D4000
|
trusted library allocation
|
page read and write
|
||
|
270F000
|
stack
|
page read and write
|
||
|
1502000
|
heap
|
page read and write
|
||
|
4F30000
|
heap
|
page execute and read and write
|
||
|
A2E000
|
stack
|
page read and write
|
||
|
4E6E000
|
stack
|
page read and write
|
||
|
A64000
|
trusted library allocation
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
7A0E000
|
stack
|
page read and write
|
||
|
8F7000
|
stack
|
page read and write
|
||
|
4171000
|
trusted library allocation
|
page read and write
|
||
|
75F4000
|
trusted library allocation
|
page read and write
|
||
|
A63000
|
trusted library allocation
|
page execute and read and write
|
||
|
4CB6000
|
trusted library allocation
|
page read and write
|
||
|
14A4000
|
heap
|
page read and write
|
||
|
4CB1000
|
trusted library allocation
|
page read and write
|
||
|
1330000
|
heap
|
page read and write
|
||
|
13DE000
|
stack
|
page read and write
|
||
|
4C94000
|
trusted library allocation
|
page read and write
|
||
|
2F10000
|
trusted library allocation
|
page read and write
|
||
|
ECB000
|
stack
|
page read and write
|
||
|
1414000
|
trusted library allocation
|
page read and write
|
||
|
4CAE000
|
trusted library allocation
|
page read and write
|
||
|
6AE0000
|
heap
|
page read and write
|
||
|
1450000
|
trusted library allocation
|
page read and write
|
||
|
63ED000
|
stack
|
page read and write
|
||
|
642C000
|
stack
|
page read and write
|
||
|
2F5E000
|
stack
|
page read and write
|
||
|
4EB0000
|
trusted library allocation
|
page read and write
|
||
|
62EC000
|
stack
|
page read and write
|
||
|
A50000
|
trusted library allocation
|
page read and write
|
||
|
4C2000
|
unkown
|
page readonly
|
||
|
616F000
|
stack
|
page read and write
|
||
|
145B000
|
trusted library allocation
|
page execute and read and write
|
||
|
4E80000
|
trusted library section
|
page read and write
|
||
|
A7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1497000
|
heap
|
page read and write
|
||
|
4C0000
|
unkown
|
page readonly
|
||
|
31B9000
|
trusted library allocation
|
page read and write
|
||
|
602D000
|
stack
|
page read and write
|
||
|
60AE000
|
stack
|
page read and write
|
||
|
141D000
|
trusted library allocation
|
page execute and read and write
|
||
|
143A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5949000
|
stack
|
page read and write
|
||
|
31A4000
|
trusted library allocation
|
page read and write
|
||
|
A9B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1436000
|
trusted library allocation
|
page execute and read and write
|
||
|
9E0000
|
heap
|
page read and write
|
||
|
CAD000
|
heap
|
page read and write
|
||
|
763D000
|
stack
|
page read and write
|
||
|
C10000
|
trusted library allocation
|
page read and write
|
||
|
4F2B000
|
stack
|
page read and write
|
||
|
6820000
|
heap
|
page read and write
|
||
|
519F000
|
stack
|
page read and write
|
||
|
4C9E000
|
trusted library allocation
|
page read and write
|
||
|
C49000
|
heap
|
page read and write
|
||
|
2E3E000
|
stack
|
page read and write
|
||
|
79CE000
|
stack
|
page read and write
|
||
|
5235000
|
heap
|
page read and write
|
||
|
BF0000
|
heap
|
page execute and read and write
|
||
|
3711000
|
trusted library allocation
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
2F70000
|
heap
|
page read and write
|
||
|
25FC000
|
stack
|
page read and write
|
||
|
357F000
|
trusted library allocation
|
page read and write
|
||
|
A60000
|
trusted library allocation
|
page read and write
|
||
|
59E0000
|
heap
|
page read and write
|
||
|
4EA0000
|
trusted library section
|
page read and write
|
||
|
EF0000
|
trusted library allocation
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
2EFE000
|
stack
|
page read and write
|
||
|
32BD000
|
trusted library allocation
|
page read and write
|
||
|
4CBD000
|
trusted library allocation
|
page read and write
|
||
|
1423000
|
trusted library allocation
|
page read and write
|
||
|
480C000
|
stack
|
page read and write
|
||
|
5E0000
|
heap
|
page read and write
|
||
|
5A15000
|
heap
|
page read and write
|
||
|
67B0000
|
trusted library allocation
|
page read and write
|
||
|
EEE000
|
stack
|
page read and write
|
||
|
5230000
|
heap
|
page read and write
|
||
|
F00000
|
heap
|
page read and write
|
||
|
78CE000
|
stack
|
page read and write
|
||
|
1430000
|
trusted library allocation
|
page read and write
|
||
|
4D50000
|
trusted library allocation
|
page read and write
|
||
|
7102000
|
trusted library allocation
|
page read and write
|
||
|
C61000
|
heap
|
page read and write
|
||
|
787E000
|
stack
|
page read and write
|
||
|
55B0000
|
heap
|
page read and write
|
||
|
1400000
|
trusted library allocation
|
page read and write
|
||
|
568C000
|
stack
|
page read and write
|
||
|
584A000
|
stack
|
page read and write
|
||
|
315C000
|
stack
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
4B8E000
|
stack
|
page read and write
|
||
|
67B7000
|
trusted library allocation
|
page read and write
|
||
|
4E70000
|
heap
|
page read and write
|
||
|
7B0E000
|
stack
|
page read and write
|
||
|
4C9B000
|
trusted library allocation
|
page read and write
|
||
|
2D3E000
|
stack
|
page read and write
|
||
|
5220000
|
heap
|
page read and write
|
||
|
5E50000
|
heap
|
page read and write
|
||
|
5F0000
|
heap
|
page read and write
|
||
|
67E0000
|
trusted library allocation
|
page read and write
|
||
|
2EBC000
|
unkown
|
page read and write
|
||
|
1507000
|
heap
|
page read and write
|
||
|
C55000
|
heap
|
page read and write
|
||
|
55D0000
|
trusted library allocation
|
page read and write
|
||
|
7532000
|
heap
|
page read and write
|
||
|
14D1000
|
heap
|
page read and write
|
||
|
4C8F000
|
stack
|
page read and write
|
||
|
533D000
|
stack
|
page read and write
|
||
|
6810000
|
trusted library allocation
|
page read and write
|
||
|
5603000
|
heap
|
page read and write
|
||
|
777E000
|
stack
|
page read and write
|
||
|
AB0000
|
trusted library allocation
|
page read and write
|
||
|
4CE0000
|
trusted library allocation
|
page read and write
|
||
|
1548000
|
heap
|
page read and write
|
||
|
579000
|
stack
|
page read and write
|
||
|
1447000
|
heap
|
page read and write
|
||
|
598E000
|
stack
|
page read and write
|
||
|
5340000
|
heap
|
page read and write
|
||
|
7FBC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
40A000
|
remote allocation
|
page execute and read and write
|
||
|
4EE0000
|
heap
|
page read and write
|
||
|
55E0000
|
trusted library allocation
|
page read and write
|
||
|
AC0000
|
heap
|
page read and write
|
||
|
67DE000
|
trusted library allocation
|
page read and write
|
||
|
C00000
|
trusted library allocation
|
page execute and read and write
|
||
|
BCE000
|
stack
|
page read and write
|
||
|
C46000
|
heap
|
page read and write
|
||
|
1390000
|
heap
|
page read and write
|
||
|
FC7000
|
stack
|
page read and write
|
||
|
1336000
|
heap
|
page read and write
|
||
|
AC5000
|
heap
|
page read and write
|
||
|
C20000
|
heap
|
page read and write
|
||
|
5E40000
|
heap
|
page read and write
|
||
|
14A7000
|
heap
|
page read and write
|
||
|
1420000
|
trusted library allocation
|
page read and write
|
||
|
A97000
|
trusted library allocation
|
page execute and read and write
|
||
|
1395000
|
heap
|
page read and write
|
||
|
612D000
|
stack
|
page read and write
|
||
|
1460000
|
heap
|
page read and write
|
||
|
652A000
|
stack
|
page read and write
|
||
|
A80000
|
trusted library allocation
|
page read and write
|
There are 196 hidden memdumps, click here to show them.