Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Amended Order #60-230958400.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\Users\user\AppData\Local\Temp\tmp61BF.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
C:\Users\user\AppData\Roaming\BKTxiN.exe
|
PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
|
dropped
|
|
|
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Amended Order #60-230958400.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BKTxiN.exe.log
|
CSV text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_alvetql5.tsi.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c0lcoygy.c0y.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_daaihad3.ti1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hoyj4dd0.klh.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rptktlxf.sri.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tbjvb5s3.fgw.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v12ffaa0.wy1.ps1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wzvsikpm.fdb.psm1
|
ASCII text, with no line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\tmp6FE8.tmp
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\BKTxiN.exe:Zone.Identifier
|
ASCII text, with CRLF line terminators
|
dropped
|
There are 6 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\Amended Order #60-230958400.exe
|
"C:\Users\user\Desktop\Amended Order #60-230958400.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Amended
Order #60-230958400.exe"
|
|
|
|
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
|
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\BKTxiN.exe"
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BKTxiN" /XML "C:\Users\user\AppData\Local\Temp\tmp61BF.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
|
|
|
|
C:\Users\user\AppData\Roaming\BKTxiN.exe
|
C:\Users\user\AppData\Roaming\BKTxiN.exe
|
|
|
|
C:\Windows\System32\schtasks.exe
|
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\BKTxiN" /XML "C:\Users\user\AppData\Local\Temp\tmp6FE8.tmp"
|
|
|
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
|
|
|
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7572 -s 12
|
||
|
C:\Windows\System32\wbem\WmiPrvSE.exe
|
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\System32\WerFault.exe
|
C:\Windows\system32\WerFault.exe -u -p 7956 -s 12
|
There are 5 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://www.apache.org/licenses/LICENSE-2.0
|
unknown
|
||
|
http://www.fontbureau.com
|
unknown
|
||
|
http://www.fontbureau.com/designersG
|
unknown
|
||
|
http://www.fontbureau.com/designers/?
|
unknown
|
||
|
http://www.founder.com.cn/cn/bThe
|
unknown
|
||
|
https://account.dyn.com/
|
unknown
|
||
|
http://www.fontbureau.com/designers?
|
unknown
|
||
|
http://www.tiro.com
|
unknown
|
||
|
http://www.fontbureau.com/designers
|
unknown
|
||
|
http://www.goodfont.co.kr
|
unknown
|
||
|
http://www.carterandcone.coml
|
unknown
|
||
|
http://www.sajatypeworks.com
|
unknown
|
||
|
http://www.typography.netD
|
unknown
|
||
|
http://www.fontbureau.com/designers/cabarga.htmlN
|
unknown
|
||
|
http://www.founder.com.cn/cn/cThe
|
unknown
|
||
|
http://www.galapagosdesign.com/staff/dennis.htm
|
unknown
|
||
|
https://api.ipify.org
|
unknown
|
||
|
http://www.founder.com.cn/cn
|
unknown
|
||
|
http://www.fontbureau.com/designers/frere-user.html
|
unknown
|
||
|
http://www.jiyu-kobo.co.jp/
|
unknown
|
||
|
http://www.galapagosdesign.com/DPlease
|
unknown
|
||
|
http://www.fontbureau.com/designers8
|
unknown
|
||
|
http://www.fonts.com
|
unknown
|
||
|
http://www.sandoll.co.kr
|
unknown
|
||
|
http://www.urwpp.deDPlease
|
unknown
|
||
|
http://www.zhongyicts.com.cn
|
unknown
|
||
|
http://feeds.soundcloud.com/users/soundcloud:users:38128127/sounds.rss
|
unknown
|
||
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
|
unknown
|
||
|
http://www.sakkal.com
|
unknown
|
There are 19 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
56.126.166.20.in-addr.arpa
|
unknown
|
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
15992000
|
trusted library allocation
|
page read and write
|
|
|
|
14007000
|
trusted library allocation
|
page read and write
|
|
|
|
A51E079000
|
stack
|
page read and write
|
||
|
A51E0FF000
|
unkown
|
page read and write
|
||
|
1E530000
|
trusted library section
|
page read and write
|
||
|
3DF2000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B90D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1E9E000
|
stack
|
page read and write
|
||
|
13EED000
|
trusted library allocation
|
page read and write
|
||
|
1F199750000
|
heap
|
page read and write
|
||
|
BF0000
|
unkown
|
page readonly
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
1550000
|
heap
|
page read and write
|
||
|
1F7E0000
|
heap
|
page read and write
|
||
|
7FFD9B91D000
|
trusted library allocation
|
page execute and read and write
|
||
|
76267F000
|
unkown
|
page read and write
|
||
|
7FFD9B9A6000
|
trusted library allocation
|
page read and write
|
||
|
1C49C000
|
stack
|
page read and write
|
||
|
3780000
|
heap
|
page read and write
|
||
|
7626FE000
|
stack
|
page read and write
|
||
|
1F199775000
|
heap
|
page read and write
|
||
|
1844000
|
trusted library section
|
page readonly
|
||
|
170C000
|
heap
|
page read and write
|
||
|
2083E000
|
stack
|
page read and write
|
||
|
38A0000
|
heap
|
page execute and read and write
|
||
|
1543000
|
heap
|
page read and write
|
||
|
1F199788000
|
heap
|
page read and write
|
||
|
140E1000
|
trusted library allocation
|
page read and write
|
||
|
38B0000
|
trusted library section
|
page read and write
|
||
|
214DE000
|
stack
|
page read and write
|
||
|
1DD90000
|
trusted library allocation
|
page read and write
|
||
|
1850000
|
heap
|
page read and write
|
||
|
1F7FC000
|
heap
|
page read and write
|
||
|
13FD8000
|
trusted library allocation
|
page read and write
|
||
|
1450000
|
heap
|
page read and write
|
||
|
EF0000
|
heap
|
page read and write
|
||
|
762399000
|
stack
|
page read and write
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
13D19000
|
trusted library allocation
|
page read and write
|
||
|
1ED7EAC0000
|
heap
|
page read and write
|
||
|
7FFD9B94C000
|
trusted library allocation
|
page execute and read and write
|
||
|
2183E000
|
stack
|
page read and write
|
||
|
3CF1000
|
trusted library allocation
|
page read and write
|
||
|
1600000
|
heap
|
page read and write
|
||
|
7FFD9B94C000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B9A6000
|
trusted library allocation
|
page read and write
|
||
|
1C81B000
|
heap
|
page read and write
|
||
|
13E03000
|
trusted library allocation
|
page read and write
|
||
|
13D01000
|
trusted library allocation
|
page read and write
|
||
|
1ED7EB30000
|
heap
|
page read and write
|
||
|
1CB75000
|
heap
|
page read and write
|
||
|
1ED7EB80000
|
heap
|
page read and write
|
||
|
7FFD9BAF2000
|
trusted library allocation
|
page read and write
|
||
|
15A0000
|
heap
|
page read and write
|
||
|
15962000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
17F0000
|
heap
|
page execute and read and write
|
||
|
7FFD9BA99000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
1C8E0000
|
heap
|
page read and write
|
||
|
13F1D000
|
trusted library allocation
|
page read and write
|
||
|
2243B000
|
stack
|
page read and write
|
||
|
15E1000
|
heap
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
FD0000
|
heap
|
page read and write
|
||
|
1F81D000
|
heap
|
page read and write
|
||
|
3890000
|
trusted library section
|
page read and write
|
||
|
7FFD9BAD7000
|
trusted library allocation
|
page read and write
|
||
|
16AC000
|
heap
|
page read and write
|
||
|
7FFD9B914000
|
trusted library allocation
|
page read and write
|
||
|
1DDB2000
|
trusted library allocation
|
page read and write
|
||
|
1D4E000
|
stack
|
page read and write
|
||
|
3CEE000
|
stack
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
160F000
|
heap
|
page read and write
|
||
|
15F2000
|
stack
|
page read and write
|
||
|
13CF8000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA1F000
|
trusted library allocation
|
page execute and read and write
|
||
|
1ED7EB89000
|
heap
|
page read and write
|
||
|
417F000
|
trusted library allocation
|
page read and write
|
||
|
21C3E000
|
stack
|
page read and write
|
||
|
1945000
|
heap
|
page read and write
|
||
|
7FFD9BAE0000
|
trusted library allocation
|
page read and write
|
||
|
1F199770000
|
heap
|
page read and write
|
||
|
4181000
|
trusted library allocation
|
page read and write
|
||
|
1406B000
|
trusted library allocation
|
page read and write
|
||
|
3910000
|
heap
|
page execute and read and write
|
||
|
3770000
|
trusted library allocation
|
page read and write
|
||
|
1660000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B902000
|
trusted library allocation
|
page read and write
|
||
|
210DD000
|
stack
|
page read and write
|
||
|
1711000
|
heap
|
page read and write
|
||
|
1ED7EB35000
|
heap
|
page read and write
|
||
|
15D0000
|
heap
|
page read and write
|
||
|
7FFD9BB00000
|
trusted library allocation
|
page execute and read and write
|
||
|
16E0000
|
heap
|
page read and write
|
||
|
140A6000
|
trusted library allocation
|
page read and write
|
||
|
214F000
|
stack
|
page read and write
|
||
|
1FA60000
|
heap
|
page read and write
|
||
|
415A000
|
trusted library allocation
|
page read and write
|
||
|
4F3ADFC000
|
stack
|
page read and write
|
||
|
18C5000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page execute and read and write
|
||
|
160D000
|
heap
|
page read and write
|
||
|
14C5000
|
heap
|
page read and write
|
||
|
1570000
|
trusted library section
|
page readonly
|
||
|
1CB70000
|
heap
|
page read and write
|
||
|
13FF0000
|
trusted library allocation
|
page read and write
|
||
|
2143E000
|
stack
|
page read and write
|
||
|
1820000
|
heap
|
page read and write
|
||
|
15E4000
|
heap
|
page read and write
|
||
|
7FFD9B9D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1940000
|
heap
|
page read and write
|
||
|
7FFD9B8F0000
|
trusted library allocation
|
page read and write
|
||
|
13E33000
|
trusted library allocation
|
page read and write
|
||
|
170A000
|
heap
|
page read and write
|
||
|
7FFD9B9AC000
|
trusted library allocation
|
page execute and read and write
|
||
|
A51E17F000
|
stack
|
page read and write
|
||
|
1C980000
|
heap
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
13D31000
|
trusted library allocation
|
page read and write
|
||
|
415C000
|
trusted library allocation
|
page read and write
|
||
|
1781000
|
heap
|
page read and write
|
||
|
7FFD9B8F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
1CD8D000
|
stack
|
page read and write
|
||
|
1723000
|
heap
|
page read and write
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
41A6000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B908000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8F4000
|
trusted library allocation
|
page read and write
|
||
|
17D0000
|
heap
|
page read and write
|
||
|
1792000
|
heap
|
page read and write
|
||
|
7FFD9B9B0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1615000
|
heap
|
page read and write
|
||
|
208DE000
|
stack
|
page read and write
|
||
|
204DF000
|
stack
|
page read and write
|
||
|
140E7000
|
trusted library allocation
|
page read and write
|
||
|
1C80B000
|
heap
|
page read and write
|
||
|
7FFD9B914000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
15A6000
|
heap
|
page read and write
|
||
|
1620000
|
heap
|
page read and write
|
||
|
7FFD9B8F4000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA97000
|
trusted library allocation
|
page read and write
|
||
|
1FAA6000
|
heap
|
page read and write
|
||
|
1DF80000
|
heap
|
page read and write
|
||
|
16A0000
|
heap
|
page read and write
|
||
|
BF2000
|
unkown
|
page readonly
|
||
|
7FFD9BAA0000
|
trusted library allocation
|
page read and write
|
||
|
2043F000
|
stack
|
page read and write
|
||
|
7FFD9B9D6000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C57C000
|
stack
|
page read and write
|
||
|
1C9D0000
|
heap
|
page read and write
|
||
|
3E49000
|
trusted library allocation
|
page read and write
|
||
|
417D000
|
trusted library allocation
|
page read and write
|
||
|
13F73000
|
trusted library allocation
|
page read and write
|
||
|
1F841000
|
heap
|
page read and write
|
||
|
18B0000
|
heap
|
page execute and read and write
|
||
|
16E2000
|
heap
|
page read and write
|
||
|
170E000
|
heap
|
page read and write
|
||
|
41A9000
|
trusted library allocation
|
page read and write
|
||
|
1F199670000
|
heap
|
page read and write
|
||
|
4176000
|
trusted library allocation
|
page read and write
|
||
|
2003E000
|
stack
|
page read and write
|
||
|
13F2000
|
stack
|
page read and write
|
||
|
14A0000
|
trusted library allocation
|
page read and write
|
||
|
3D1F000
|
stack
|
page read and write
|
||
|
16A6000
|
heap
|
page read and write
|
||
|
1C84A000
|
heap
|
page read and write
|
||
|
7FFD9B90D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1840000
|
trusted library section
|
page readonly
|
||
|
1CF7D000
|
stack
|
page read and write
|
||
|
1C9C0000
|
heap
|
page read and write
|
||
|
1823000
|
heap
|
page read and write
|
||
|
7FFD9B8FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
41CC000
|
trusted library allocation
|
page read and write
|
||
|
1540000
|
heap
|
page read and write
|
||
|
1F199880000
|
heap
|
page read and write
|
||
|
7FFD9BAC0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C9B0000
|
heap
|
page read and write
|
||
|
1FAA4000
|
heap
|
page read and write
|
||
|
7FFD9B90C000
|
trusted library allocation
|
page read and write
|
||
|
3DBB000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B900000
|
trusted library allocation
|
page read and write
|
||
|
1C7E0000
|
heap
|
page read and write
|
||
|
41FC000
|
trusted library allocation
|
page read and write
|
||
|
3E00000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA13000
|
trusted library allocation
|
page execute and read and write
|
||
|
20C3F000
|
stack
|
page read and write
|
||
|
200DE000
|
stack
|
page read and write
|
||
|
3D21000
|
trusted library allocation
|
page read and write
|
||
|
2103B000
|
stack
|
page read and write
|
||
|
1686000
|
heap
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
1440000
|
heap
|
page read and write
|
||
|
1ED7EAE0000
|
heap
|
page read and write
|
||
|
415E000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BAD2000
|
trusted library allocation
|
page read and write
|
||
|
4183000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FA8B000
|
heap
|
page read and write
|
||
|
15CD000
|
heap
|
page read and write
|
||
|
1A9E000
|
stack
|
page read and write
|
||
|
1890000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
14D0000
|
trusted library allocation
|
page read and write
|
||
|
15AC000
|
heap
|
page read and write
|
||
|
1BD50000
|
trusted library allocation
|
page read and write
|
||
|
1FCDD000
|
stack
|
page read and write
|
||
|
D20000
|
heap
|
page read and write
|
||
|
21CDF000
|
stack
|
page read and write
|
||
|
FE87DFC000
|
stack
|
page read and write
|
||
|
13D21000
|
trusted library allocation
|
page read and write
|
||
|
1BD20000
|
trusted library allocation
|
page read and write
|
||
|
4160000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8FD000
|
trusted library allocation
|
page execute and read and write
|
||
|
1C7F0000
|
heap
|
page read and write
|
||
|
7FFD9B8F3000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BAF0000
|
trusted library allocation
|
page read and write
|
||
|
13D28000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B8F2000
|
trusted library allocation
|
page read and write
|
||
|
1F199780000
|
heap
|
page read and write
|
||
|
1800000
|
heap
|
page read and write
|
||
|
2203F000
|
stack
|
page read and write
|
||
|
13CF1000
|
trusted library allocation
|
page read and write
|
||
|
1680000
|
trusted library allocation
|
page read and write
|
||
|
1420000
|
heap
|
page read and write
|
||
|
1445000
|
heap
|
page read and write
|
||
|
1C8E5000
|
heap
|
page read and write
|
||
|
7FFD9BAB0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BADA000
|
trusted library allocation
|
page read and write
|
||
|
417B000
|
trusted library allocation
|
page read and write
|
||
|
1ED7EAB0000
|
heap
|
page read and write
|
||
|
4185000
|
trusted library allocation
|
page read and write
|
||
|
1E190000
|
heap
|
page read and write
|
||
|
7FF4D2E40000
|
trusted library allocation
|
page execute and read and write
|
||
|
218DB000
|
stack
|
page read and write
|
||
|
16CA000
|
heap
|
page read and write
|
||
|
14162000
|
trusted library allocation
|
page read and write
|
||
|
14C0000
|
heap
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B902000
|
trusted library allocation
|
page read and write
|
||
|
1580000
|
heap
|
page read and write
|
||
|
20CDB000
|
stack
|
page read and write
|
||
|
7FFD9BAD0000
|
trusted library allocation
|
page read and write
|
||
|
18C0000
|
heap
|
page read and write
|
||
|
1400000
|
heap
|
page read and write
|
||
|
3E02000
|
trusted library allocation
|
page read and write
|
There are 238 hidden memdumps, click here to show them.