Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
techno POORD035338.exe
|
PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_techno POORD0353_737df471f3d4707e2576043dad1822d6d9fb458_8d646ceb_696b2f17-e9eb-4dec-987d-5eb09c41ff94\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC1F.tmp.dmp
|
Mini DuMP crash report, 16 streams, Fri Oct 25 05:52:30 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREB0.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREE0.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hf0vdf5i.0ea.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ldwe3j55.2g2.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xnw0gpsf.iix.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xoltasl4.53i.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\techno POORD035338.exe
|
"C:\Users\user\Desktop\techno POORD035338.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\techno
POORD035338.exe" -Force
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
|
|
|
|
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
|
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7472 -s 1600
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://mail.iaa-airferight.com
|
unknown
|
|
|
|
http://upx.sf.net
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://go.mic
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
mail.iaa-airferight.com
|
46.175.148.58
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
46.175.148.58
|
mail.iaa-airferight.com
|
Ukraine
|
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
|
EnableLUA
|
|
|
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance
|
Enabled
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
ProgramId
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
FileId
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
LongPathHash
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
Name
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
OriginalFileName
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
Publisher
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
Version
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
BinFileVersion
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
BinaryType
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
ProductName
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
ProductVersion
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
LinkDate
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
BinProductVersion
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
Size
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
Language
|
||
|
\REGISTRY\A\{1cfd0ec7-903c-8f66-40ed-11830f0c378a}\Root\InventoryApplicationFile\techno poord0353|e8df6217b15dac3b
|
Usn
|
There are 11 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
2EE1000
|
trusted library allocation
|
page read and write
|
|
|
|
402000
|
remote allocation
|
page execute and read and write
|
|
|
|
2F2E000
|
trusted library allocation
|
page read and write
|
|
|
|
16880371000
|
trusted library allocation
|
page read and write
|
|
|
|
16890011000
|
trusted library allocation
|
page read and write
|
|
|
|
6B70000
|
trusted library allocation
|
page read and write
|
||
|
7FF4A2F60000
|
trusted library allocation
|
page execute and read and write
|
||
|
168ED3DF000
|
heap
|
page read and write
|
||
|
541D000
|
trusted library allocation
|
page read and write
|
||
|
6B80000
|
trusted library allocation
|
page read and write
|
||
|
53D0000
|
trusted library allocation
|
page read and write
|
||
|
5422000
|
trusted library allocation
|
page read and write
|
||
|
3EE1000
|
trusted library allocation
|
page read and write
|
||
|
1190000
|
heap
|
page read and write
|
||
|
7FFD9B5ED000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B5C2000
|
trusted library allocation
|
page read and write
|
||
|
168ED415000
|
heap
|
page read and write
|
||
|
168EED80000
|
heap
|
page read and write
|
||
|
1201000
|
heap
|
page read and write
|
||
|
36C46FD000
|
stack
|
page read and write
|
||
|
599E000
|
stack
|
page read and write
|
||
|
570E000
|
stack
|
page read and write
|
||
|
168ED3EC000
|
heap
|
page read and write
|
||
|
2F2C000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B6E0000
|
trusted library allocation
|
page execute and read and write
|
||
|
61F0000
|
heap
|
page read and write
|
||
|
168EF755000
|
heap
|
page read and write
|
||
|
656E000
|
stack
|
page read and write
|
||
|
168ED160000
|
heap
|
page read and write
|
||
|
168ED38C000
|
heap
|
page read and write
|
||
|
11FE000
|
heap
|
page read and write
|
||
|
1355000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B5DD000
|
trusted library allocation
|
page execute and read and write
|
||
|
400000
|
remote allocation
|
page execute and read and write
|
||
|
168EF74C000
|
heap
|
page read and write
|
||
|
7FFD9B680000
|
trusted library allocation
|
page execute and read and write
|
||
|
2E8F000
|
stack
|
page read and write
|
||
|
16880001000
|
trusted library allocation
|
page read and write
|
||
|
1298000
|
heap
|
page read and write
|
||
|
1324000
|
trusted library allocation
|
page read and write
|
||
|
168EEBF0000
|
heap
|
page execute and read and write
|
||
|
11F4000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
168EF708000
|
heap
|
page read and write
|
||
|
36C40FF000
|
stack
|
page read and write
|
||
|
7FFD9B7B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7F580000
|
trusted library allocation
|
page execute and read and write
|
||
|
135B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1310000
|
trusted library allocation
|
page read and write
|
||
|
16880079000
|
trusted library allocation
|
page read and write
|
||
|
16880050000
|
trusted library allocation
|
page read and write
|
||
|
168ED240000
|
heap
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
36C3DFE000
|
stack
|
page read and write
|
||
|
1040000
|
heap
|
page read and write
|
||
|
7FFD9B5CD000
|
trusted library allocation
|
page execute and read and write
|
||
|
5416000
|
trusted library allocation
|
page read and write
|
||
|
6260000
|
heap
|
page read and write
|
||
|
1352000
|
trusted library allocation
|
page read and write
|
||
|
1340000
|
trusted library allocation
|
page read and write
|
||
|
36C3EFE000
|
stack
|
page read and write
|
||
|
7FFD9B5E0000
|
trusted library allocation
|
page read and write
|
||
|
36C42FE000
|
stack
|
page read and write
|
||
|
3F4D000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5E4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5C3000
|
trusted library allocation
|
page execute and read and write
|
||
|
168ED290000
|
heap
|
page read and write
|
||
|
12AB000
|
heap
|
page read and write
|
||
|
134A000
|
trusted library allocation
|
page execute and read and write
|
||
|
55AC000
|
stack
|
page read and write
|
||
|
5411000
|
trusted library allocation
|
page read and write
|
||
|
6233000
|
heap
|
page read and write
|
||
|
2ED0000
|
heap
|
page execute and read and write
|
||
|
53C0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B790000
|
trusted library allocation
|
page read and write
|
||
|
5402000
|
trusted library allocation
|
page read and write
|
||
|
6490000
|
trusted library allocation
|
page read and write
|
||
|
36C47FE000
|
stack
|
page read and write
|
||
|
1330000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5C0000
|
trusted library allocation
|
page read and write
|
||
|
168ED260000
|
heap
|
page read and write
|
||
|
4EE8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7C5000
|
trusted library allocation
|
page read and write
|
||
|
6570000
|
trusted library allocation
|
page execute and read and write
|
||
|
6436000
|
trusted library allocation
|
page read and write
|
||
|
168ED280000
|
heap
|
page read and write
|
||
|
6E30000
|
heap
|
page read and write
|
||
|
648D000
|
stack
|
page read and write
|
||
|
5560000
|
heap
|
page read and write
|
||
|
36C48FB000
|
stack
|
page read and write
|
||
|
6205000
|
heap
|
page read and write
|
||
|
540A000
|
trusted library allocation
|
page read and write
|
||
|
36C3BFE000
|
stack
|
page read and write
|
||
|
168ED0A6000
|
unkown
|
page readonly
|
||
|
7FFD9B67C000
|
trusted library allocation
|
page execute and read and write
|
||
|
36C3AF2000
|
stack
|
page read and write
|
||
|
595E000
|
stack
|
page read and write
|
||
|
672E000
|
stack
|
page read and write
|
||
|
1248000
|
heap
|
page read and write
|
||
|
168ED362000
|
heap
|
page read and write
|
||
|
7FFD9B5EB000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B676000
|
trusted library allocation
|
page read and write
|
||
|
168ED320000
|
heap
|
page read and write
|
||
|
16880118000
|
trusted library allocation
|
page read and write
|
||
|
1323000
|
trusted library allocation
|
page execute and read and write
|
||
|
168EEBC3000
|
trusted library allocation
|
page read and write
|
||
|
168ED0A0000
|
unkown
|
page readonly
|
||
|
7FFD9B7A0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5D0000
|
trusted library allocation
|
page read and write
|
||
|
36C43FD000
|
stack
|
page read and write
|
||
|
168ED38A000
|
heap
|
page read and write
|
||
|
6580000
|
trusted library allocation
|
page read and write
|
||
|
1050000
|
heap
|
page read and write
|
||
|
CCA000
|
stack
|
page read and write
|
||
|
540E000
|
trusted library allocation
|
page read and write
|
||
|
11C0000
|
heap
|
page read and write
|
||
|
11CB000
|
heap
|
page read and write
|
||
|
61D0000
|
heap
|
page read and write
|
||
|
7FFD9B7AC000
|
trusted library allocation
|
page read and write
|
||
|
168EEBC0000
|
trusted library allocation
|
page read and write
|
||
|
53FE000
|
trusted library allocation
|
page read and write
|
||
|
53F0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B5C4000
|
trusted library allocation
|
page read and write
|
||
|
168ED300000
|
heap
|
page read and write
|
||
|
574E000
|
stack
|
page read and write
|
||
|
16890007000
|
trusted library allocation
|
page read and write
|
||
|
168ED310000
|
trusted library allocation
|
page read and write
|
||
|
168ED0A2000
|
unkown
|
page readonly
|
||
|
1370000
|
trusted library allocation
|
page read and write
|
||
|
168EF860000
|
heap
|
page read and write
|
||
|
168EF716000
|
heap
|
page read and write
|
||
|
6410000
|
trusted library allocation
|
page read and write
|
||
|
168ED34B000
|
heap
|
page read and write
|
||
|
7FFD9B5D2000
|
trusted library allocation
|
page read and write
|
||
|
1380000
|
heap
|
page read and write
|
||
|
6BB0000
|
heap
|
page read and write
|
||
|
14A6000
|
heap
|
page read and write
|
||
|
1236000
|
heap
|
page read and write
|
||
|
53E0000
|
trusted library allocation
|
page read and write
|
||
|
168EF590000
|
trusted library section
|
page read and write
|
||
|
6243000
|
heap
|
page read and write
|
||
|
168ED285000
|
heap
|
page read and write
|
||
|
1055000
|
heap
|
page read and write
|
||
|
7FFD9B7D1000
|
trusted library allocation
|
page read and write
|
||
|
53F6000
|
trusted library allocation
|
page read and write
|
||
|
53FB000
|
trusted library allocation
|
page read and write
|
||
|
6440000
|
trusted library allocation
|
page execute and read and write
|
||
|
168EF6C0000
|
heap
|
page execute and read and write
|
||
|
5440000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B774000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B61C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F44000
|
trusted library allocation
|
page read and write
|
||
|
168ED32C000
|
heap
|
page read and write
|
||
|
1320000
|
trusted library allocation
|
page read and write
|
||
|
6257000
|
heap
|
page read and write
|
||
|
12A6000
|
heap
|
page read and write
|
||
|
61DC000
|
heap
|
page read and write
|
||
|
1030000
|
heap
|
page read and write
|
||
|
5460000
|
heap
|
page read and write
|
||
|
36C3FFC000
|
stack
|
page read and write
|
||
|
652E000
|
stack
|
page read and write
|
||
|
5A9E000
|
stack
|
page read and write
|
||
|
168ED35F000
|
heap
|
page read and write
|
||
|
5750000
|
heap
|
page execute and read and write
|
||
|
168EF70B000
|
heap
|
page read and write
|
||
|
16890471000
|
trusted library allocation
|
page read and write
|
||
|
5430000
|
trusted library allocation
|
page read and write
|
||
|
36C3CFE000
|
stack
|
page read and write
|
||
|
168ED2E0000
|
trusted library allocation
|
page read and write
|
||
|
168ED3E1000
|
heap
|
page read and write
|
||
|
2D8E000
|
stack
|
page read and write
|
||
|
DC8000
|
stack
|
page read and write
|
||
|
1346000
|
trusted library allocation
|
page execute and read and write
|
||
|
5563000
|
heap
|
page read and write
|
||
|
6430000
|
trusted library allocation
|
page read and write
|
||
|
3F09000
|
trusted library allocation
|
page read and write
|
||
|
1688012B000
|
trusted library allocation
|
page read and write
|
||
|
1490000
|
heap
|
page read and write
|
||
|
168EF759000
|
heap
|
page read and write
|
||
|
2ECC000
|
stack
|
page read and write
|
||
|
585E000
|
stack
|
page read and write
|
||
|
132D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1342000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7C0000
|
trusted library allocation
|
page read and write
|
||
|
6209000
|
heap
|
page read and write
|
||
|
16890001000
|
trusted library allocation
|
page read and write
|
||
|
5AF9000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B779000
|
trusted library allocation
|
page read and write
|
||
|
3EE9000
|
trusted library allocation
|
page read and write
|
||
|
133D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B670000
|
trusted library allocation
|
page read and write
|
||
|
61D4000
|
heap
|
page read and write
|
||
|
507D000
|
stack
|
page read and write
|
||
|
14A0000
|
heap
|
page read and write
|
||
|
624C000
|
heap
|
page read and write
|
||
|
56AC000
|
stack
|
page read and write
|
||
|
168EF6D0000
|
heap
|
page read and write
|
||
|
1350000
|
trusted library allocation
|
page read and write
|
||
|
1262000
|
heap
|
page read and write
|
||
|
1357000
|
trusted library allocation
|
page execute and read and write
|
||
|
2F36000
|
trusted library allocation
|
page read and write
|
||
|
6213000
|
heap
|
page read and write
|
||
|
7FFD9B6A6000
|
trusted library allocation
|
page execute and read and write
|
||
|
36C41FE000
|
stack
|
page read and write
|
||
|
6587000
|
trusted library allocation
|
page read and write
|
||
|
6BC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
168EEDC0000
|
trusted library allocation
|
page read and write
|
||
|
6420000
|
heap
|
page read and write
|
||
|
168ED305000
|
heap
|
page read and write
|
||
|
641C000
|
trusted library allocation
|
page read and write
|
||
|
168902C9000
|
trusted library allocation
|
page read and write
|
||
|
5AF0000
|
trusted library allocation
|
page read and write
|
There are 203 hidden memdumps, click here to show them.