IOC Report
qlGJTKUY7O.exe


Files

File Path | Type | Category | Malicious
qlGJTKUY7O.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_qlGJTKUY7O.exe_90983ca191176330d112e4af8de4475578a3956_0f664c95_1cfd42b7-a105-4654-ada2-ba48eddbe2c5\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | malicious
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC411.tmp.dmp | Mini DuMP crash report, 16 streams, Mon Jan 27 18:49:11 2025, 0x1205a4 type | dropped | -
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC5D7.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | -
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC626.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | -
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | -

Processes

Path | Cmdline | Malicious
C:\Users\user\Desktop\qlGJTKUY7O.exe | "C:\Users\user\Desktop\qlGJTKUY7O.exe" | malicious
C:\Windows\System32\WerFault.exe | C:\Windows\system32\WerFault.exe -u -p 6200 -s 1528 | -

URLs

Name | IP | Malicious
176.113.115.225 | - | malicious
http://upx.sf.net | unknown | -
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unknown | -

IPs

IP | Domain | Country | Malicious
176.113.115.225 | unknown | Russian Federation | malicious

Registry

Path | Value | Malicious
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | ProgramId | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | FileId | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | LowerCaseLongPath | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | LongPathHash | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | Name | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | OriginalFileName | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | Publisher | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | Version | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | BinFileVersion | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | BinaryType | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | ProductName | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | ProductVersion | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | LinkDate | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | BinProductVersion | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | AppxPackageFullName | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | AppxPackageRelativeId | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | Size | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | Language | -
\REGISTRY\A\{72e8bac2-f4bd-eb18-23cd-32c3883197ff}\Root\InventoryApplicationFile\qlgjtkuy7o.exe|6e1c6d161f9cf5a4 | Usn | -
(9 further registry entries are not shown in this report.)

Memdumps

Base Address | Regiontype | Protect | Malicious
AB2000 | unknown | page readonly | malicious
2F81000 | trusted library allocation | page read and write | malicious
1B8E3000 | heap | page read and write | -
1AFB0000 | trusted library allocation | page read and write | -
1B9E4000 | stack | page read and write | -
1C69C000 | stack | page read and write | -
1BBAE000 | stack | page read and write | -
2DE3000 | heap | page read and write | -
AB0000 | unknown | page readonly | -
1002000 | heap | page read and write | -
7FFB4AD16000 | trusted library allocation | page read and write | -
F40000 | heap | page read and write | -
7FFB4AC84000 | trusted library allocation | page read and write | -
BA5000 | heap | page read and write | -
7FFB4AC60000 | trusted library allocation | page read and write | -
FFF000 | heap | page read and write | -
1BDB8000 | heap | page read and write | -
F6B000 | heap | page read and write | -
FB0000 | heap | page read and write | -
2F70000 | heap | page execute and read and write | -
12F81000 | trusted library allocation | page read and write | -
7FFB4AD1C000 | trusted library allocation | page execute and read and write | -
7FFB4AE20000 | trusted library allocation | page execute and read and write | -
7FFB4AD20000 | trusted library allocation | page execute and read and write | -
1BCAF000 | stack | page read and write | -
7FFB4AE02000 | trusted library allocation | page read and write | -
1BDBE000 | heap | page read and write | -
7FFB4AD46000 | trusted library allocation | page execute and read and write | -
7FFB4ACBC000 | trusted library allocation | page execute and read and write | -
7FFB4AC64000 | trusted library allocation | page read and write | -
EF4000 | stack | page read and write | -
1BDF8000 | heap | page read and write | -
7FFB4AE11000 | trusted library allocation | page read and write | -
BA0000 | heap | page read and write | -
12F88000 | trusted library allocation | page read and write | -
7FFB4AD10000 | trusted library allocation | page read and write | -
7FFB4AC63000 | trusted library allocation | page execute and read and write | -
12D5000 | heap | page read and write | -
12F8E000 | trusted library allocation | page read and write | -
352A000 | trusted library allocation | page read and write | -
2DD0000 | heap | page read and write | -
F83000 | heap | page read and write | -
2F60000 | heap | page read and write | -
1BE1A000 | heap | page read and write | -
7FFB4AC70000 | trusted library allocation | page read and write | -
1C39A000 | stack | page read and write | -
F33000 | trusted library allocation | page read and write | -
1B839000 | stack | page read and write | -
F20000 | trusted library allocation | page read and write | -
1C29D000 | stack | page read and write | -
1B3FC000 | stack | page read and write | -
B50000 | heap | page read and write | -
7FFB4AC6D000 | trusted library allocation | page execute and read and write | -
2DBF000 | stack | page read and write | -
1BAA0000 | heap | page execute and read and write | -
AB0000 | unknown | page readonly | -
F80000 | heap | page read and write | -
1BDAE000 | stack | page read and write | -
FAE000 | heap | page read and write | -
BB0000 | heap | page read and write | -
7FFB4AD80000 | trusted library allocation | page execute and read and write | -
F4C000 | heap | page read and write | -
1BE1E000 | heap | page read and write | -
1B8E0000 | heap | page read and write | -
2D7E000 | stack | page read and write | -
F46000 | heap | page read and write | -
120C000 | stack | page read and write | -
F30000 | trusted library allocation | page read and write | -
F00000 | trusted library allocation | page read and write | -
7FFB4AC8D000 | trusted library allocation | page execute and read and write | -
7FFB4AC80000 | trusted library allocation | page read and write | -
1BDB0000 | heap | page read and write | -
FB4000 | heap | page read and write | -
2F2E000 | stack | page read and write | -
B80000 | heap | page read and write | -
7FFB4AC73000 | trusted library allocation | page read and write | -
F5F000 | heap | page read and write | -
1C49C000 | stack | page read and write | -
1BDED000 | heap | page read and write | -
12D0000 | heap | page read and write | -
B60000 | heap | page read and write | -
7FFB4AC7D000 | trusted library allocation | page execute and read and write | -
1280000 | heap | page read and write | -
7FF4E2580000 | trusted library allocation | page execute and read and write | -
(74 further memdumps are not shown in this report.)