Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `PO-SINCO-PDF.exe` | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows | initial sample | |
| `C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_PO-SINCO-PDF.exe_2124842be94b53df48482161971cf6d3b1c6d74_f89742f5_046ffd4c-7bee-4f4d-bb98-98cece3cb9e1\Report.wer` | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERC63D.tmp.dmp` | Mini DuMP crash report, 16 streams, Mon Oct 21 11:17:07 2024, 0x1205a4 type | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERC90D.tmp.WERInternalMetadata.xml` | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| `C:\ProgramData\Microsoft\Windows\WER\Temp\WERC96C.tmp.xml` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| `C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive` | data | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a4egxohx.mgi.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mvixqlf4.mpp.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pbs3lj2r.twe.psm1` | ASCII text, with no line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zi5uq1v5.0ld.ps1` | ASCII text, with no line terminators | dropped | |
| `C:\Windows\appcompat\Programs\Amcache.hve` | MS Windows registry file, NT/2000 or above | dropped | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| `C:\Users\user\Desktop\PO-SINCO-PDF.exe` | `"C:\Users\user\Desktop\PO-SINCO-PDF.exe"` | |
| `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe` | `"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO-SINCO-PDF.exe" -Force` | |
| `C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe` | `"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"` | |
| `C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe` | `"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe"` | |
| `C:\Windows\System32\conhost.exe` | `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1` | |
| `C:\Windows\System32\WerFault.exe` | `C:\Windows\system32\WerFault.exe -u -p 7460 -s 896` | |
| `C:\Windows\System32\wbem\WmiPrvSE.exe` | `C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding` | |
URLs

| Name | IP | Malicious |
|---|---|---|
| http://upx.sf.net | unknown | |
Registry

| Path | Value | Malicious |
|---|---|---|
| `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` | EnableLUA | |
| `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance` | Enabled | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | ProgramId | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | FileId | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | LowerCaseLongPath | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | LongPathHash | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | Name | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | OriginalFileName | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | Publisher | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | Version | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | BinFileVersion | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | BinaryType | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | ProductName | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | ProductVersion | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | LinkDate | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | BinProductVersion | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | AppxPackageFullName | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | AppxPackageRelativeId | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | Size | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | Language | |
| `\REGISTRY\A\{5e22ef72-fd0f-58a7-71b4-a2cdcb237e13}\Root\InventoryApplicationFile\po-sinco-pdf.exe\|7625de9b19bf8dcb` | Usn | |

11 further registry entries are hidden in the original report and are not reproduced here.
Memdumps

| Base Address | Regiontype | Protect | Malicious |
|---|---|---|---|
| 3073000 | trusted library allocation | page read and write | |
| 400000 | remote allocation | page execute and read and write | |
| 5270000 | direct allocation | page read and write | |
| 7FFB4B2C6000 | trusted library allocation | page read and write | |
| 5B1D000 | direct allocation | page execute and read and write | |
| ED3000 | heap | page read and write | |
| 503D000 | stack | page read and write | |
| 57DF000 | stack | page read and write | |
| ED0000 | heap | page read and write | |
| 7FFB4B417000 | trusted library allocation | page read and write | |
| 11F5000 | heap | page read and write | |
| 7FFB4B3C5000 | trusted library allocation | page read and write | |
| 7FFB4B3DF000 | trusted library allocation | page read and write | |
| 7FFB4B212000 | trusted library allocation | page read and write | |
| 5B01000 | direct allocation | page execute and read and write | |
| 1BC2B000 | heap | page read and write | |
| 5318000 | heap | page read and write | |
| 7FFB4B3F0000 | trusted library allocation | page read and write | |
| 131B9000 | trusted library allocation | page read and write | |
| 5300000 | heap | page read and write | |
| 513C000 | stack | page read and write | |
| 1B8E0000 | trusted library section | page read and write | |
| 3336000 | trusted library allocation | page read and write | |
| 11C0000 | trusted library allocation | page read and write | |
| 1C1AE000 | stack | page read and write | |
| 7FFB4B2C0000 | trusted library allocation | page read and write | |
| 12E8C000 | trusted library allocation | page read and write | |
| 1AE10000 | trusted library allocation | page read and write | |
| 7FFB4B222000 | trusted library allocation | page read and write | |
| E9C000 | heap | page read and write | |
| CF1000 | stack | page read and write | |
| 2E00000 | trusted library allocation | page read and write | |
| 2EDF000 | trusted library allocation | page read and write | |
| 5310000 | heap | page read and write | |
| 5B98000 | direct allocation | page execute and read and write | |
| 7FF4F97E0000 | trusted library allocation | page execute and read and write | |
| 7FFB4B3CB000 | trusted library allocation | page read and write | |
| 54E0000 | heap | page read and write | |
| 7FFB4B330000 | trusted library allocation | page execute and read and write | |
| 131E7000 | trusted library allocation | page read and write | |
| 2B9E000 | stack | page read and write | |
| E45000 | heap | page read and write | |
| 1B25C000 | stack | page read and write | |
| 1BBDE000 | stack | page read and write | |
| E90000 | heap | page read and write | |
| 7FFB4B21D000 | trusted library allocation | page execute and read and write | |
| DF0000 | heap | page read and write | |
| 7FFB4B26C000 | trusted library allocation | page execute and read and write | |
| D10000 | heap | page read and write | |
| 1C2AB000 | stack | page read and write | |
| 1BC38000 | heap | page read and write | |
| 1C0AD000 | stack | page read and write | |
| 118E000 | stack | page read and write | |
| 5850000 | direct allocation | page execute and read and write | |
| E96000 | heap | page read and write | |
| F50000 | heap | page read and write | |
| 1BEA0000 | heap | page read and write | |
| 7FFB4B3C0000 | trusted library allocation | page read and write | |
| EFA000 | heap | page read and write | |
| 7FFB4B220000 | trusted library allocation | page read and write | |
| E50000 | heap | page read and write | |
| 5B16000 | direct allocation | page execute and read and write | |
| EB3000 | heap | page read and write | |
| EBA000 | heap | page read and write | |
| 59EE000 | direct allocation | page execute and read and write | |
| 13471000 | trusted library allocation | page read and write | |
| 12FE000 | stack | page read and write | |
| 12DE1000 | trusted library allocation | page read and write | |
| 7FFB4B2F6000 | trusted library allocation | page execute and read and write | |
| 5260000 | heap | page read and write | |
| 1B69D000 | stack | page read and write | |
| EAF000 | heap | page read and write | |
| 5979000 | direct allocation | page execute and read and write | |
| 7FFB4B400000 | trusted library allocation | page execute and read and write | |
| 108E000 | stack | page read and write | |
| 1BADE000 | stack | page read and write | |
| 2DD0000 | heap | page execute and read and write | |
| 7FFB4B2D0000 | trusted library allocation | page execute and read and write | |
| 11B0000 | trusted library allocation | page read and write | |
| 7FFB4B23B000 | trusted library allocation | page execute and read and write | |
| 11F0000 | heap | page read and write | |
| 597D000 | direct allocation | page execute and read and write | |
| 7FFB4B3D0000 | trusted library allocation | page read and write | |
| 5230000 | heap | page read and write | |
| 7FFB4B3B0000 | trusted library allocation | page read and write | |
| 7FFB4B230000 | trusted library allocation | page read and write | |
| 135C6000 | trusted library allocation | page read and write | |
| 7FFB4B3E0000 | trusted library allocation | page read and write | |
| 12FC9000 | trusted library allocation | page read and write | |
| 51EE000 | stack | page read and write | |
| 7FFB4B2CC000 | trusted library allocation | page execute and read and write | |
| 11C3000 | trusted library allocation | page read and write | |
| 7FFB4B410000 | trusted library allocation | page read and write | |
| EFC000 | heap | page read and write | |
| 1190000 | trusted library allocation | page read and write | |
| 7FFB4B234000 | trusted library allocation | page read and write | |
| 1BBE0000 | heap | page read and write | |
| 56DF000 | stack | page read and write | |
| 2C30000 | heap | page read and write | |
| F5B000 | heap | page read and write | |
| 1B9D0000 | heap | page execute and read and write | |
| 522E000 | stack | page read and write | |
| 7FFB4B23D000 | trusted library allocation | page execute and read and write | |
| 990000 | unkown | page readonly | |
| 992000 | unkown | page readonly | |
| 7FFB4B22D000 | trusted library allocation | page execute and read and write | |
| F03000 | heap | page read and write | |
| 7FFB4B214000 | trusted library allocation | page read and write | |
| 2DE1000 | trusted library allocation | page read and write | |
| 2E57000 | trusted library allocation | page read and write | |
| 51A0000 | heap | page read and write | |
| 7FFB4B213000 | trusted library allocation | page execute and read and write | |
| 7FFB4B420000 | trusted library allocation | page read and write | |
| E40000 | heap | page read and write | |
| E10000 | heap | page read and write | |
| 1B8DE000 | stack | page read and write | |
| 7FFB4B210000 | trusted library allocation | page read and write | |
| 12DE7000 | trusted library allocation | page read and write | |
| 2C48000 | heap | page read and write | |

109 further memdumps are hidden in the original report and are not reproduced here.