Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO-inv-CQV20(92315).exe
|
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PO-inv-CQV20(923_25af6cb37987c1b4fafb61129ddc3c7a259c196_dbe8db34_f6eb4cc2-0f7f-4d1f-88d3-66a87cf07164\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERD8AB.tmp.dmp
|
Mini DuMP crash report, 16 streams, Fri Apr 26 05:39:56 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDAA0.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDAD0.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PO-inv-CQV20(92315).exe
|
"C:\Users\user\Desktop\PO-inv-CQV20(92315).exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 5040 -s 1080
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://api.telegram.org/bot7017233680:AAEfWTUjfiK5hxLLRkmgitv57SQZuFap4nQ/sendDocument
|
149.154.167.220
|
||
|
https://api.telegram.org/bot7017233680:AAEfWTUjfiK5hxLLRkmgitv57SQZuFap4nQ/
|
unknown
|
||
|
http://upx.sf.net
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
https://api.telegram.org
|
unknown
|
||
|
http://api.telegram.org
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
api.telegram.org
|
149.154.167.220
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
149.154.167.220
|
api.telegram.org
|
United Kingdom
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASAPI32
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASAPI32
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASAPI32
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASAPI32
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASAPI32
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASAPI32
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASAPI32
|
FileDirectory
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASMANCS
|
EnableFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASMANCS
|
EnableAutoFileTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASMANCS
|
EnableConsoleTracing
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASMANCS
|
FileTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASMANCS
|
ConsoleTracingMask
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASMANCS
|
MaxFileSize
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\jsc_RASMANCS
|
FileDirectory
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
ProgramId
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
FileId
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
LongPathHash
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
Name
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
OriginalFileName
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
Publisher
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
Version
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
BinFileVersion
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
BinaryType
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
ProductName
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
ProductVersion
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
LinkDate
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
BinProductVersion
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
Size
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
Language
|
||
|
\REGISTRY\A\{0e8e7e96-aa53-25de-2052-1deef7234a46}\Root\InventoryApplicationFile\po-inv-cqv20(923|72db4f17b3ad0a0e
|
Usn
|
There are 24 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2AFA000
|
trusted library allocation
|
page read and write
|
|
|
|
233470CB000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
23356C97000
|
trusted library allocation
|
page read and write
|
|
|
|
2ADE000
|
trusted library allocation
|
page read and write
|
|
|
|
2A91000
|
trusted library allocation
|
page read and write
|
|
|
|
F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
10B6000
|
heap
|
page read and write
|
||
|
5E3A000
|
heap
|
page read and write
|
||
|
67B7000
|
trusted library allocation
|
page read and write
|
||
|
C7C000
|
heap
|
page read and write
|
||
|
4EEE000
|
trusted library allocation
|
page read and write
|
||
|
2335F538000
|
heap
|
page read and write
|
||
|
23345153000
|
heap
|
page read and write
|
||
|
23346DD9000
|
trusted library allocation
|
page read and write
|
||
|
F70000
|
heap
|
page read and write
|
||
|
2334514B000
|
heap
|
page read and write
|
||
|
AB982FA000
|
stack
|
page read and write
|
||
|
F10000
|
trusted library allocation
|
page read and write
|
||
|
B90000
|
heap
|
page read and write
|
||
|
5EF6000
|
trusted library allocation
|
page read and write
|
||
|
54F0000
|
trusted library allocation
|
page read and write
|
||
|
5EF0000
|
trusted library allocation
|
page read and write
|
||
|
6040000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34920000
|
trusted library allocation
|
page read and write
|
||
|
4EF1000
|
trusted library allocation
|
page read and write
|
||
|
632E000
|
stack
|
page read and write
|
||
|
EDD000
|
trusted library allocation
|
page execute and read and write
|
||
|
EF2000
|
trusted library allocation
|
page read and write
|
||
|
289C000
|
stack
|
page read and write
|
||
|
B95000
|
heap
|
page read and write
|
||
|
23345050000
|
heap
|
page read and write
|
||
|
50CE000
|
stack
|
page read and write
|
||
|
6030000
|
trusted library allocation
|
page read and write
|
||
|
23345104000
|
heap
|
page read and write
|
||
|
BF3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34910000
|
trusted library allocation
|
page read and write
|
||
|
6810000
|
trusted library allocation
|
page execute and read and write
|
||
|
C38000
|
heap
|
page read and write
|
||
|
2334510E000
|
heap
|
page read and write
|
||
|
2335F4D0000
|
heap
|
page read and write
|
||
|
2ADC000
|
trusted library allocation
|
page read and write
|
||
|
233450E0000
|
heap
|
page read and write
|
||
|
4F02000
|
trusted library allocation
|
page read and write
|
||
|
C36000
|
heap
|
page read and write
|
||
|
7FFD34939000
|
trusted library allocation
|
page read and write
|
||
|
233450A0000
|
heap
|
page read and write
|
||
|
7FFD3479D000
|
trusted library allocation
|
page execute and read and write
|
||
|
EF5000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34770000
|
trusted library allocation
|
page read and write
|
||
|
1080000
|
trusted library allocation
|
page read and write
|
||
|
BF0000
|
trusted library allocation
|
page read and write
|
||
|
2335ECC0000
|
trusted library allocation
|
page read and write
|
||
|
28A0000
|
trusted library allocation
|
page read and write
|
||
|
28B0000
|
trusted library allocation
|
page read and write
|
||
|
23346B50000
|
trusted library section
|
page read and write
|
||
|
3A91000
|
trusted library allocation
|
page read and write
|
||
|
4F80000
|
heap
|
page read and write
|
||
|
AB981FD000
|
stack
|
page read and write
|
||
|
23345123000
|
heap
|
page read and write
|
||
|
AB97CFE000
|
stack
|
page read and write
|
||
|
C08000
|
heap
|
page read and write
|
||
|
C00000
|
heap
|
page read and write
|
||
|
5E62000
|
heap
|
page read and write
|
||
|
4B8D000
|
stack
|
page read and write
|
||
|
521C000
|
stack
|
page read and write
|
||
|
4F70000
|
heap
|
page read and write
|
||
|
BE0000
|
trusted library allocation
|
page read and write
|
||
|
EF7000
|
trusted library allocation
|
page execute and read and write
|
||
|
AB97DFC000
|
stack
|
page read and write
|
||
|
23345330000
|
heap
|
page execute and read and write
|
||
|
67B0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD3478D000
|
trusted library allocation
|
page execute and read and write
|
||
|
23346C80000
|
heap
|
page read and write
|
||
|
4EE2000
|
trusted library allocation
|
page read and write
|
||
|
545E000
|
stack
|
page read and write
|
||
|
4ED0000
|
trusted library allocation
|
page read and write
|
||
|
799000
|
stack
|
page read and write
|
||
|
656E000
|
stack
|
page read and write
|
||
|
233450EC000
|
heap
|
page read and write
|
||
|
28D0000
|
heap
|
page execute and read and write
|
||
|
10B0000
|
heap
|
page read and write
|
||
|
23356C91000
|
trusted library allocation
|
page read and write
|
||
|
23344F62000
|
unkown
|
page readonly
|
||
|
54F9000
|
trusted library allocation
|
page read and write
|
||
|
2334514D000
|
heap
|
page read and write
|
||
|
6800000
|
heap
|
page read and write
|
||
|
7FFD34830000
|
trusted library allocation
|
page execute and read and write
|
||
|
28C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34820000
|
trusted library allocation
|
page read and write
|
||
|
531E000
|
stack
|
page read and write
|
||
|
2335F013000
|
heap
|
page read and write
|
||
|
7FFD34794000
|
trusted library allocation
|
page read and write
|
||
|
AB97EFF000
|
stack
|
page read and write
|
||
|
AB97BFE000
|
stack
|
page read and write
|
||
|
66AE000
|
stack
|
page read and write
|
||
|
7FFD34773000
|
trusted library allocation
|
page execute and read and write
|
||
|
AB97793000
|
stack
|
page read and write
|
||
|
C2B000
|
heap
|
page read and write
|
||
|
EE2000
|
trusted library allocation
|
page read and write
|
||
|
5FED000
|
stack
|
page read and write
|
||
|
4ED6000
|
trusted library allocation
|
page read and write
|
||
|
23345530000
|
heap
|
page read and write
|
||
|
2AF6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34934000
|
trusted library allocation
|
page read and write
|
||
|
5EE0000
|
heap
|
page read and write
|
||
|
4EDB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34790000
|
trusted library allocation
|
page read and write
|
||
|
5DE0000
|
heap
|
page read and write
|
||
|
233451AE000
|
heap
|
page read and write
|
||
|
652F000
|
stack
|
page read and write
|
||
|
4EDE000
|
trusted library allocation
|
page read and write
|
||
|
EFB000
|
trusted library allocation
|
page execute and read and write
|
||
|
23345120000
|
heap
|
page read and write
|
||
|
B50000
|
heap
|
page read and write
|
||
|
2B17000
|
trusted library allocation
|
page read and write
|
||
|
5E72000
|
heap
|
page read and write
|
||
|
7FFD34930000
|
trusted library allocation
|
page read and write
|
||
|
3AB9000
|
trusted library allocation
|
page read and write
|
||
|
23345340000
|
heap
|
page read and write
|
||
|
7FFD3479B000
|
trusted library allocation
|
page execute and read and write
|
||
|
642E000
|
stack
|
page read and write
|
||
|
7FFD34970000
|
trusted library allocation
|
page execute and read and write
|
||
|
BFD000
|
trusted library allocation
|
page execute and read and write
|
||
|
ED0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD347CC000
|
trusted library allocation
|
page execute and read and write
|
||
|
67C0000
|
trusted library allocation
|
page read and write
|
||
|
AB983FD000
|
stack
|
page read and write
|
||
|
28E8000
|
trusted library allocation
|
page read and write
|
||
|
23346D23000
|
trusted library allocation
|
page read and write
|
||
|
233452F0000
|
trusted library allocation
|
page read and write
|
||
|
EE6000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AE2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34856000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD34960000
|
trusted library allocation
|
page read and write
|
||
|
23344F60000
|
unkown
|
page readonly
|
||
|
2335F51F000
|
heap
|
page read and write
|
||
|
2B09000
|
trusted library allocation
|
page read and write
|
||
|
2980000
|
heap
|
page read and write
|
||
|
EEA000
|
trusted library allocation
|
page execute and read and write
|
||
|
67D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34774000
|
trusted library allocation
|
page read and write
|
||
|
23345060000
|
heap
|
page read and write
|
||
|
7FFD34890000
|
trusted library allocation
|
page execute and read and write
|
||
|
233452E0000
|
trusted library allocation
|
page read and write
|
||
|
541F000
|
stack
|
page read and write
|
||
|
7FFD34783000
|
trusted library allocation
|
page read and write
|
||
|
1090000
|
heap
|
page read and write
|
||
|
666E000
|
stack
|
page read and write
|
||
|
602E000
|
stack
|
page read and write
|
||
|
5F4E000
|
stack
|
page read and write
|
||
|
C95000
|
heap
|
page read and write
|
||
|
7FFD34772000
|
trusted library allocation
|
page read and write
|
||
|
CDB000
|
heap
|
page read and write
|
||
|
4F5C000
|
stack
|
page read and write
|
||
|
5F00000
|
trusted library allocation
|
page execute and read and write
|
||
|
2AE6000
|
trusted library allocation
|
page read and write
|
||
|
4EF6000
|
trusted library allocation
|
page read and write
|
||
|
510E000
|
stack
|
page read and write
|
||
|
3AF5000
|
trusted library allocation
|
page read and write
|
||
|
CC3000
|
heap
|
page read and write
|
||
|
4EEA000
|
trusted library allocation
|
page read and write
|
||
|
B00000
|
heap
|
page read and write
|
||
|
7FFD34950000
|
trusted library allocation
|
page read and write
|
||
|
5520000
|
trusted library allocation
|
page read and write
|
||
|
BF4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34913000
|
trusted library allocation
|
page read and write
|
||
|
C1F000
|
heap
|
page read and write
|
||
|
AB980FE000
|
stack
|
page read and write
|
||
|
7FFD3477D000
|
trusted library allocation
|
page execute and read and write
|
||
|
2B1B000
|
trusted library allocation
|
page read and write
|
||
|
7F090000
|
trusted library allocation
|
page execute and read and write
|
||
|
AF9000
|
stack
|
page read and write
|
||
|
23346C20000
|
heap
|
page execute and read and write
|
||
|
23345535000
|
heap
|
page read and write
|
||
|
7FFD34940000
|
trusted library allocation
|
page read and write
|
||
|
AB97FFF000
|
stack
|
page read and write
|
||
|
23345345000
|
heap
|
page read and write
|
||
|
552C000
|
trusted library allocation
|
page read and write
|
||
|
23346C91000
|
trusted library allocation
|
page read and write
|
||
|
2A8E000
|
stack
|
page read and write
|
||
|
67AF000
|
stack
|
page read and write
|
||
|
6A80000
|
heap
|
page read and write
|
||
|
5E76000
|
heap
|
page read and write
|
||
|
EE0000
|
trusted library allocation
|
page read and write
|
||
|
4F73000
|
heap
|
page read and write
|
||
|
7FFD34966000
|
trusted library allocation
|
page read and write
|
||
|
5BDF000
|
stack
|
page read and write
|
||
|
5110000
|
heap
|
page execute and read and write
|
||
|
233452C0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD34826000
|
trusted library allocation
|
page read and write
|
||
|
AB97AFE000
|
stack
|
page read and write
|
||
|
7FFD3482C000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
233452F3000
|
trusted library allocation
|
page read and write
|
||
|
7FF4FD610000
|
trusted library allocation
|
page execute and read and write
|
||
|
4EFD000
|
trusted library allocation
|
page read and write
|
||
|
23345080000
|
heap
|
page read and write
|
||
|
F5E000
|
stack
|
page read and write
|
There are 189 hidden memdumps, click here to show them.