Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
PO ACTUATOR JC35FA2.exe
|
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PO ACTUATOR JC35_9dea9cbe367daabf8a1de1fa599ddbad7f1b116a_16a8a9ff_2c87c150-5266-48a6-9715-9b75bd0be811\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8D6F.tmp.dmp
|
Mini DuMP crash report, 16 streams, Fri Oct 25 05:35:49 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9000.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER906F.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0fvvqjr4.wsw.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aqxitdmq.3ym.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zike3wmt.pcv.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ziw33o3a.aph.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\PO ACTUATOR JC35FA2.exe
|
"C:\Users\user\Desktop\PO ACTUATOR JC35FA2.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO ACTUATOR
JC35FA2.exe" -Force
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 6504 -s 1432
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
EnableLUA
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance
|
Enabled
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
ProgramId
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
FileId
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
LongPathHash
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
Name
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
OriginalFileName
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
Publisher
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
Version
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
BinFileVersion
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
BinaryType
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
ProductName
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
ProductVersion
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
LinkDate
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
BinProductVersion
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
Size
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
Language
|
||
|
\REGISTRY\A\{9f97aa65-9af0-59f2-a31a-ea70f98f9f79}\Root\InventoryApplicationFile\po actuator jc35|d4b52e9f48981422
|
Usn
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2DD65058000
|
trusted library allocation
|
page read and write
|
|
|
|
36DE000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2DD74D51000
|
trusted library allocation
|
page read and write
|
|
|
|
3691000
|
trusted library allocation
|
page read and write
|
|
|
|
1706000
|
trusted library allocation
|
page execute and read and write
|
||
|
6800000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D52000
|
trusted library allocation
|
page read and write
|
||
|
1198000
|
stack
|
page read and write
|
||
|
1712000
|
trusted library allocation
|
page read and write
|
||
|
16ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
3206000
|
trusted library allocation
|
page read and write
|
||
|
648E000
|
stack
|
page read and write
|
||
|
65DF000
|
heap
|
page read and write
|
||
|
7FF848E00000
|
trusted library allocation
|
page read and write
|
||
|
EB58DFF000
|
stack
|
page read and write
|
||
|
19F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
693E000
|
stack
|
page read and write
|
||
|
7FF848D50000
|
trusted library allocation
|
page read and write
|
||
|
1730000
|
trusted library allocation
|
page read and write
|
||
|
2DD63160000
|
unkown
|
page readonly
|
||
|
7FF848E36000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DD7CD70000
|
trusted library allocation
|
page read and write
|
||
|
EB58EFE000
|
stack
|
page read and write
|
||
|
177F000
|
heap
|
page read and write
|
||
|
5DD0000
|
trusted library allocation
|
page read and write
|
||
|
6594000
|
heap
|
page read and write
|
||
|
5698000
|
trusted library allocation
|
page read and write
|
||
|
46B9000
|
trusted library allocation
|
page read and write
|
||
|
2DD6333C000
|
heap
|
page read and write
|
||
|
2DD7D7A0000
|
heap
|
page read and write
|
||
|
67F0000
|
trusted library allocation
|
page read and write
|
||
|
2DD75009000
|
trusted library allocation
|
page read and write
|
||
|
2DD632AD000
|
heap
|
page read and write
|
||
|
EB591FF000
|
stack
|
page read and write
|
||
|
65BC000
|
heap
|
page read and write
|
||
|
2DD634D5000
|
heap
|
page read and write
|
||
|
7FF848F3C000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D7B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1950000
|
heap
|
page read and write
|
||
|
2DD63230000
|
heap
|
page read and write
|
||
|
5840000
|
heap
|
page read and write
|
||
|
5830000
|
trusted library allocation
|
page read and write
|
||
|
2DD63250000
|
heap
|
page read and write
|
||
|
16E0000
|
trusted library allocation
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
2DD7D80C000
|
heap
|
page read and write
|
||
|
46F9000
|
trusted library allocation
|
page read and write
|
||
|
5DC0000
|
trusted library allocation
|
page read and write
|
||
|
6810000
|
trusted library allocation
|
page execute and read and write
|
||
|
31FA000
|
trusted library allocation
|
page read and write
|
||
|
1700000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D70000
|
trusted library allocation
|
page read and write
|
||
|
EB593FD000
|
stack
|
page read and write
|
||
|
7FF848F55000
|
trusted library allocation
|
page read and write
|
||
|
2DD63220000
|
heap
|
page read and write
|
||
|
6AFE000
|
stack
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
4699000
|
trusted library allocation
|
page read and write
|
||
|
EB590FE000
|
stack
|
page read and write
|
||
|
7FF848E0C000
|
trusted library allocation
|
page execute and read and write
|
||
|
EB58AF2000
|
stack
|
page read and write
|
||
|
EB596FD000
|
stack
|
page read and write
|
||
|
1715000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DD632E2000
|
heap
|
page read and write
|
||
|
2DD74D47000
|
trusted library allocation
|
page read and write
|
||
|
6950000
|
trusted library allocation
|
page read and write
|
||
|
7FF848DAC000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DD63360000
|
heap
|
page read and write
|
||
|
2DD63270000
|
heap
|
page read and write
|
||
|
7FF848E70000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848D5D000
|
trusted library allocation
|
page execute and read and write
|
||
|
59DE000
|
stack
|
page read and write
|
||
|
3240000
|
heap
|
page execute and read and write
|
||
|
6806000
|
trusted library allocation
|
page read and write
|
||
|
31EE000
|
trusted library allocation
|
page read and write
|
||
|
16F0000
|
trusted library allocation
|
page read and write
|
||
|
2DD64DF9000
|
trusted library allocation
|
page read and write
|
||
|
5A20000
|
heap
|
page execute and read and write
|
||
|
7FF848F50000
|
trusted library allocation
|
page read and write
|
||
|
16FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848D74000
|
trusted library allocation
|
page read and write
|
||
|
6B00000
|
trusted library allocation
|
page read and write
|
||
|
2DD7D790000
|
heap
|
page execute and read and write
|
||
|
170A000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D6E000
|
stack
|
page read and write
|
||
|
68FE000
|
stack
|
page read and write
|
||
|
31C0000
|
trusted library allocation
|
page read and write
|
||
|
2DD751B1000
|
trusted library allocation
|
page read and write
|
||
|
334F000
|
stack
|
page read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
19DC000
|
stack
|
page read and write
|
||
|
2DD634F0000
|
heap
|
page read and write
|
||
|
7FF848D54000
|
trusted library allocation
|
page read and write
|
||
|
2DD63166000
|
unkown
|
page readonly
|
||
|
2DD63595000
|
heap
|
page read and write
|
||
|
2DD63440000
|
heap
|
page read and write
|
||
|
EB58FFC000
|
stack
|
page read and write
|
||
|
597C000
|
stack
|
page read and write
|
||
|
6EC0000
|
heap
|
page read and write
|
||
|
15C0000
|
heap
|
page read and write
|
||
|
2DD63510000
|
heap
|
page execute and read and write
|
||
|
2DD632DC000
|
heap
|
page read and write
|
||
|
6860000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848F30000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D7D000
|
trusted library allocation
|
page execute and read and write
|
||
|
5D2E000
|
stack
|
page read and write
|
||
|
3201000
|
trusted library allocation
|
page read and write
|
||
|
1717000
|
trusted library allocation
|
page execute and read and write
|
||
|
31EB000
|
trusted library allocation
|
page read and write
|
||
|
31F2000
|
trusted library allocation
|
page read and write
|
||
|
16E4000
|
trusted library allocation
|
page read and write
|
||
|
582D000
|
stack
|
page read and write
|
||
|
16D0000
|
trusted library allocation
|
page read and write
|
||
|
2DD632B1000
|
heap
|
page read and write
|
||
|
2DD634D0000
|
heap
|
page read and write
|
||
|
2DD64D41000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D62000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D6D000
|
trusted library allocation
|
page execute and read and write
|
||
|
4691000
|
trusted library allocation
|
page read and write
|
||
|
6E80000
|
heap
|
page read and write
|
||
|
177C000
|
heap
|
page read and write
|
||
|
7FF848F40000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DD634C3000
|
trusted library allocation
|
page read and write
|
||
|
3220000
|
trusted library allocation
|
page read and write
|
||
|
6947000
|
trusted library allocation
|
page read and write
|
||
|
6E90000
|
trusted library allocation
|
page execute and read and write
|
||
|
65DA000
|
heap
|
page read and write
|
||
|
320D000
|
trusted library allocation
|
page read and write
|
||
|
36E6000
|
trusted library allocation
|
page read and write
|
||
|
31FE000
|
trusted library allocation
|
page read and write
|
||
|
2DD64E0E000
|
trusted library allocation
|
page read and write
|
||
|
7FF848D60000
|
trusted library allocation
|
page read and write
|
||
|
7FF848EF0000
|
trusted library allocation
|
page read and write
|
||
|
1702000
|
trusted library allocation
|
page read and write
|
||
|
16E3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848D53000
|
trusted library allocation
|
page execute and read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
31E6000
|
trusted library allocation
|
page read and write
|
||
|
5DC9000
|
trusted library allocation
|
page read and write
|
||
|
685D000
|
stack
|
page read and write
|
||
|
19E0000
|
heap
|
page read and write
|
||
|
2DD7D650000
|
trusted library section
|
page read and write
|
||
|
3233000
|
heap
|
page read and write
|
||
|
EB58CFE000
|
stack
|
page read and write
|
||
|
7FF4DAE40000
|
trusted library allocation
|
page execute and read and write
|
||
|
36DC000
|
trusted library allocation
|
page read and write
|
||
|
1748000
|
heap
|
page read and write
|
||
|
5C2E000
|
stack
|
page read and write
|
||
|
6590000
|
heap
|
page read and write
|
||
|
7FF848F04000
|
trusted library allocation
|
page read and write
|
||
|
1710000
|
trusted library allocation
|
page read and write
|
||
|
2DD74D41000
|
trusted library allocation
|
page read and write
|
||
|
2DD63590000
|
heap
|
page read and write
|
||
|
171B000
|
trusted library allocation
|
page execute and read and write
|
||
|
2DD6327C000
|
heap
|
page read and write
|
||
|
EB58BFE000
|
stack
|
page read and write
|
||
|
EB597FE000
|
stack
|
page read and write
|
||
|
7FF848F61000
|
trusted library allocation
|
page read and write
|
||
|
1A10000
|
heap
|
page read and write
|
||
|
7FF848F00000
|
trusted library allocation
|
page read and write
|
||
|
7F2F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF848E10000
|
trusted library allocation
|
page execute and read and write
|
||
|
6940000
|
trusted library allocation
|
page read and write
|
||
|
31D0000
|
trusted library allocation
|
page read and write
|
||
|
65B1000
|
heap
|
page read and write
|
||
|
5A1E000
|
stack
|
page read and write
|
||
|
2DD63299000
|
heap
|
page read and write
|
||
|
5B2C000
|
stack
|
page read and write
|
||
|
2DD64D66000
|
trusted library allocation
|
page read and write
|
||
|
15C5000
|
heap
|
page read and write
|
||
|
7FF848F09000
|
trusted library allocation
|
page read and write
|
||
|
199E000
|
stack
|
page read and write
|
||
|
2DD63490000
|
trusted library allocation
|
page read and write
|
||
|
65D8000
|
heap
|
page read and write
|
||
|
2DD64E18000
|
trusted library allocation
|
page read and write
|
||
|
7FF848F10000
|
trusted library allocation
|
page read and write
|
||
|
109A000
|
stack
|
page read and write
|
||
|
1520000
|
heap
|
page read and write
|
||
|
7FF848F20000
|
trusted library allocation
|
page read and write
|
||
|
2DD634B0000
|
trusted library allocation
|
page read and write
|
||
|
1740000
|
heap
|
page read and write
|
||
|
2DD7D770000
|
heap
|
page read and write
|
||
|
180F000
|
heap
|
page read and write
|
||
|
2DD63162000
|
unkown
|
page readonly
|
||
|
5DDC000
|
trusted library allocation
|
page read and write
|
||
|
EB592FE000
|
stack
|
page read and write
|
||
|
2DD632AF000
|
heap
|
page read and write
|
||
|
2DD632DA000
|
heap
|
page read and write
|
||
|
EB598FB000
|
stack
|
page read and write
|
||
|
7FF848E06000
|
trusted library allocation
|
page read and write
|
||
|
31E0000
|
trusted library allocation
|
page read and write
|
||
|
2DD634C0000
|
trusted library allocation
|
page read and write
|
There are 183 hidden memdumps, click here to show them.